The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 39,650
Mitigations: 14,805
Affected software | Vulnerability | Risk (CVSS) | Disclosed
Ultimate Addons for WPBakery Page Builder < 3.21.4 | Cross Site Scripting (XSS) vulnerability | 6.5 | 31 minutes ago
King Addons for Elementor <= 51.1.53 | Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets vulnerability | 6.5 | 6 hours ago
Contact Form Entries <= 1.4.9 | Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability | 4.3 | 6 hours ago
Shortcodes Ultimate <= 7.4.10 | WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute vulnerability | 6.5 | 6 hours ago
Amelia <= 2.1.2 | Authenticated (Manager+) SQL Injection via 'sort' Parameter vulnerability | 8.5 | 6 hours ago
Performance Monitor <= 1.0.6 | Unauthenticated Blind SSRF vulnerability | 5.4 | 6 hours ago
Minify HTML <= 2.1.12 | Cross-Site Request Forgery to Plugin Settings Update vulnerability | 4.3 | 9 hours ago
Profile Builder <= 3.15.5 | WordPress User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field vulnerability | 4.3 | 9 hours ago
Auto Post Scheduler <= 1.84 | Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page vulnerability | 7.1 | 22 hours ago
WooCommerce Payments <= 10.5.1 | Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax vulnerability | 6.5 | 22 hours ago
Kubio AI Page Builder <= 2.7.0 | Cross Site Scripting (XSS) vulnerability | 6.5 | 23 hours ago
Loco Translate <= 2.8.2 | Reflected Cross-Site Scripting via 'update_href' Parameter vulnerability | 7.1 | 1 day ago
Oxygen <= 6.0.8 | Unauthenticated Server-Side Request Forgery via route_path vulnerability | 7.2 | 1 day ago
Gravity SMTP <= 2.1.4 | Unauthenticated Sensitive Information Exposure via REST API vulnerability | 7.5 | 1 day ago
Everest Forms Pro <= 1.9.12 | Unauthenticated Remote Code Execution via Calculation Field vulnerability | 10 | 1 day ago
Contact Form by Supsystic <= 1.7.36 | Unauthenticated Server-Side Template Injection via Prefill Functionality vulnerability | 10 | 1 day ago
Ibtana <= 1.2.5.7 | WordPress Ibtana - WordPress Website Builder plugin <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability | 6.5 | 1 day ago
TrueBooker <= 1.1.4 | WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin <= 1.1.4 - Sensitive Information Exposure via Views Files vulnerability | 5.3 | 1 day ago
Debugger & Troubleshooter <= 1.3.2 | Unauthenticated Privilege Escalation to Administrator via Cookie Manipulation vulnerability | 9.8 | 1 day ago
Fluent Booking <= 2.0.01 | Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability | 7.1 | 1 day ago