Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,340
Mitigations
Mitigation rules
14,611
No official patch
11,210
In triage
1,320
Published soon
14
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
ilGhera Carta Docente for WooCommerce
<= 1.5.0
Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter vulnerability
6.5
6 hours ago
CM Custom WordPress Reports and Analytics
<= 1.2.7
Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels vulnerability
5.9
6 hours ago
RockPress
<= 1.0.17
Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions vulnerability
5.4
6 hours ago
Instant Popup Builder
<= 1.1.7
Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter vulnerability
5.3
9 hours ago
Add Custom Fields to Media
<= 2.0.3
Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter vulnerability
4.3
9 hours ago
Draft List
<= 2.6.2
Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter vulnerability
5.9
10 hours ago
Download Manager
<= 3.3.49
Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter vulnerability
4.3
10 hours ago
Info Cards
<= 2.0.7
Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes vulnerability
6.5
10 hours ago
NextGEN Gallery
<= 4.0.4
WordPress Photo Gallery, Sliders, Proofing and Themes - NextGEN Gallery plugin <= 4.0.4 - Authenticated (Author+) Local File Inclusion vulnerability
7.2
10 hours ago
Code Embed
<= 2.5.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability
6.5
1 day ago
Post SMTP
<= 3.8.0
Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite vulnerability
5.4
1 day ago
JSON Content Importer
< 2.0.10
Contributor+ Stored XSS vulnerability
6.5
1 day ago
Contextual Related Posts
< 4.2.2
Broken Access Control vulnerability
5.3
1 day ago
WishList Member X
<= 3.29.0
PHP Object Injection vulnerability
8.8
2 days ago
WishList Member X
<= 3.29.0
Arbitrary File Upload vulnerability
9.9
2 days ago
Widget Wrangler
<= 2.3.9
Remote Code Execution (RCE) vulnerability
9.1
2 days ago
Writeprint Stylometry
<= 0.1
Reflected Cross-Site Scripting via 'p' Parameter vulnerability
7.1
2 days ago
[CR]Paid Link Manager
<= 0.5
Reflected Cross-Site Scripting vulnerability
7.1
2 days ago
WP Go Maps
<= 10.0.05
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings vulnerability
6.5
2 days ago
Duplicate Post
<= 4.5
Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability
5.4
2 days ago
Load more