The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 38,500
Mitigation rules: 14,099
No official fix: 10,951
In triage: 1,254
Published soon: 33
Affected software | Version | Vulnerability | Risk | Disclosed
Booking Calendar | <= 10.14.14 | Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification vulnerability | 4.3 | 1 hour ago
Export any WordPress data to XML/CSV | <= 1.4.14 | Unauthenticated Sensitive Information Exposure via PHP Type Juggling vulnerability | 3.7 | 1 hour ago
The Plus Addons for Elementor Page Builder Lite | <= 6.4.7 | Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' vulnerability | 4.3 | 1 hour ago
Bookster | <= 2.1.1 | WordPress Bookster - WordPress Appointment Booking Plugin plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw' vulnerability | 7.6 | 1 hour ago
WP-DownloadManager | <= 1.69 | Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter vulnerability | 6.5 | 1 hour ago
IMGspider | <= 2.3.10 | Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file' vulnerability | 9.9 | 13 hours ago
Import Eventbrite Events | <= 1.7.4 | Reflected Cross-Site Scripting vulnerability | 7.1 | 13 hours ago
WP RSS Aggregator | <= 5.0.10 | Reflected Cross-Site Scripting via 'template' Parameter vulnerability | 7.1 | 13 hours ago
FluentForm | <= 5.1.19 | Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields vulnerability | 6.5 | 13 hours ago
LiquidPoll | <= 3.3.78 | Unauthenticated Stored Cross-Site Scripting via form_data Parameter vulnerability | 7.1 | 13 hours ago
ARForms Form Builder | <= 1.5.8 | Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability | 7.1 | 13 hours ago
Formidable Forms | <= 6.7 | HTML Injection vulnerability | 6.5 | 13 hours ago
tagDiv Composer | <= 5.0 | Reflected Cross-Site Scripting via envato_code[] vulnerability | 7.1 | 13 hours ago
Premmerce | <= 1.3.20 | Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint vulnerability | 6.5 | 13 hours ago
Subitem AL Slider | <= 1.0.0 | Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability | 7.1 | 13 hours ago
Product Addons for Woocommerce | <= 3.1.0 | WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability | 7.2 | 13 hours ago
Download Manager | <= 3.3.46 | Reflected Cross-Site Scripting via 'redirect_to' Parameter vulnerability | 7.1 | 14 hours ago
ShopLentor | <= 3.3.2 | Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action vulnerability | 8.6 | 14 hours ago
Rent Fetch | <= 0.32.6 | Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability | 7.1 | 14 hours ago
WPNakama | <= 0.6.5 | Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability | 9.3 | 14 hours ago