Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,083
Mitigations
Mitigation rules
14,537
No official patch
11,207
In triage
1,531
Published soon
7
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Simple Ajax Chat
<= 20260217
Unauthenticated Stored Cross-Site Scripting via 'c' vulnerability
7.1
3 hours ago
PixelYourSite PRO
<= 12.4.0.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
3 hours ago
PixelYourSite – Your smart PIXEL (TAG) Manager
<= 11.2.0
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
3 hours ago
DukaPress
<= 3.2.4
Reflected XSS vulnerability
7.1
3 hours ago
WP Front User Submit / Front Editor
< 5.0.6
Unauthenticated Sensitive Information Exposure vulnerability
5.9
3 hours ago
ExactMetrics
7.1.0-9.0.2
Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update vulnerability
9.8
3 hours ago
Name Directory
<= 1.32.1
Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' vulnerability
7.1
3 hours ago
Checkout Field Editor (Checkout Manager) for WooCommerce
<= 2.1.7
Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field vulnerability
7.1
4 hours ago
Contact Form & Lead Form Elementor Builder
<= 2.0.1
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
4 hours ago
Gravity Forms
<= 2.9.28
Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title vulnerability
6.5
4 hours ago
My Sticky Bar
<= 2.8.6
Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action vulnerability
9.3
4 hours ago
Datalogics Ecommerce Delivery
< 2.6.60
Unauthenticated Privilege Escalation vulnerability
9.8
4 hours ago
Divi Booster
< 5.0.2
Unauthenticated PHP Object Injection vulnerability
9.8
4 hours ago
RegistrationMagic
<= 6.0.7.2
Subscriber+ Sensitive Data Disclosure vulnerability
4.3
9 hours ago
LearnPress
<= 4.3.2.8
Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering vulnerability
4.3
10 hours ago
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder
< 1.6.1
Contributor+ Arbitrary Limited Options Update vulnerability
6.8
10 hours ago
ExactMetrics
8.6.0-9.0.2
Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation
8.8
11 hours ago
weForms
<= 1.6.27
Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API vulnerability
6.5
1 day ago
Royal Elementor Addons
<= 1.7.1049
Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass vulnerability
8.8
1 day ago
MC4WP
<= 4.11.1
Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability
6.5
1 day ago
Load more