The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total35,846

MitigationsMitigation rules13,234

No official fix10,084

In triage1,533

Published soon58

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
HTML Forms<= 1.6.0 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	22 minutes ago
Zephyr Project Manager<= 3.3.203 Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery vulnerability	4.9	29 minutes ago
BP Better Messages<= 2.10.2 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	30 minutes ago
WP Social Ninja<= 4.0.1 Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification vulnerability	6.5	42 minutes ago
Ninja Forms<= 3.13.2 Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token vulnerability	7.5	2 hours ago
Download Plugins and Themes from Dashboard<= 1.9.6 Cross-Site Request Forgery to Bulk Plugin/Theme Archival vulnerability	4.3	7 hours ago
Converter for Media<= 6.3.2 Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint vulnerability	4.3	8 hours ago
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent<= 4.0.7 Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability	5.3	8 hours ago
WP Recipe Maker<= 10.2.3 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	8 hours ago
Essential Addons for Elementor<= 6.5.3 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	8 hours ago
Essential Blocks for Gutenberg<= 5.7.2 Missing Authorization To Authenticated (Author+) Information Disclosure vulnerability	4.3	8 hours ago
WP to LinkedIn Auto Publish<= 1.9.8 Reflected Cross-Site Scripting via PostMessage vulnerability	7.1	13 hours ago
Social Media Auto Publish<= 3.6.5 Reflected Cross-Site Scripting via PostMessage vulnerability	7.1	13 hours ago
WP3D Model Import Viewer<= 1.0.7 Authenticated (Contributor+) Arbitrary File Upload vulnerability	9.9	13 hours ago
Filter & Grids<= 3.2.0 Unauthenticated SQL Injection vulnerability	9.3	13 hours ago
Export WP Page to Static HTML/CSS<= 4.3.4 Unauthenticated Cookie Exposure via Log File vulnerability	9.8	13 hours ago
Postem Ipsum<= 3.0.1 Missing Authorization to Authenticated (Subscriber+) Privilege Escalation in postem_ipsum_generate_users vulnerability	8.8	13 hours ago
افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce<= 1.3.5 Unauthenticated Time-Based Blind SQL Injection vulnerability	9.3	13 hours ago
wpForo Forum<= 2.4.12 Unauthenticated SQL Injection vulnerability	9.3	13 hours ago
URL Shortener<= 3.0.7 Unauthenticated SQL Injection vulnerability	9.3	14 hours ago