Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
49,437
Mitigations
Mitigation rules
15,968
No official patch
13,059
In triage
1,380
Published soon
12
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
@tak-ps/cloudtak
< 13.10.0
NPM: CloudTAK: Authenticated full-read SSRF in the /api/esri* routes — user-controlled URL fetched with no IP-classification guard
7.6
13 hours ago
exifreader
<= 4.40.0
NPM: ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes
5.3
14 hours ago
@prompty/core
>= 2.0.0-alpha.1, < 2.0.0-beta.3
NPM: Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader
8.7
15 hours ago
@prompty/core
<= 2.0.0-beta.1
NPM: Prompty: Arbitrary file read via file reference expansion
7.5
15 hours ago
mcp-memory-keeper
< 0.13.0
NPM: mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath
6.2
15 hours ago
@tak-ps/cloudtak
<= 13.5.0
NPM: TAK-PS-Stats Web UI: Authenticated full-read SSRF in CloudTAK basemap import (PUT /api/basemap) — no IP-classification guard
5
16 hours ago
WordPress
<= 7.0.1
Unauthenticated REST API Batch Request Handler Confusion
9.1
16 hours ago
WordPress
<= 7.0.1
Unauthenticated SQL Injection vulnerability
9.8
16 hours ago
rtMedia for WordPress, BuddyPress and bbPress
<= 4.6.18
SQL Injection vulnerability
8.5
1 day ago
SureForms
<= 2.2.1
Broken Access Control vulnerability
7.5
1 day ago
Booking calendar, Appointment Booking System
<= 3.2.17
SQL Injection vulnerability
9.3
1 day ago
Ultimate Member
<= 2.10.1
SQL Injection vulnerability
9.3
1 day ago
GEO my WordPress
<= 4.5.4
Unauthenticated SQL Injection vulnerability
9.3
1 day ago
Under Construction
<= 5.76
Arbitrary File Download vulnerability
6.5
1 day ago
WordPress Social Login and Register
<= 7.7.0
Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability
9.8
1 day ago
Planyo online reservation system
<= 3.0
Unauthenticated Server-Side Request Forgery vulnerability
7.2
1 day ago
Form Vibes – Database Manager for Forms
<= 1.5.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
WP Hotel Booking
<= 2.3.1
Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability
5.3
2 days ago
Code Engine
<= 0.3.5
Authenticated (Contributor+) Remote Code Execution vulnerability
9.9
2 days ago
Essential Addons for Elementor
<= 6.6.10
Authenticated (Contributor+) Account Takeover vulnerability
8.8
2 days ago
Load more