The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 39,537
Mitigations: 14,745
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Ed's Social Share <= 2.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 3 minutes ago |
| Ricerca – advanced search <= 1.1.12 | WordPress Ricerca - advanced search plugin <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability | 5.9 | 5 minutes ago |
| ElementCamp <= 2.3.6 | Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter vulnerability | 8.5 | 10 minutes ago |
| CMS Commander <= 2.288 | Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter vulnerability | 8.5 | 14 minutes ago |
| MinhNhut Link Gateway <= 3.6.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 15 minutes ago |
| Comment SPAM Wiper <= 1.2.1 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability | 5.9 | 16 minutes ago |
| Wikilookup <= 1.1.5 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting vulnerability | 5.9 | 18 minutes ago |
| Canto <= 3.1.1 | Missing Authorization to Unauthenticated File Upload vulnerability | 5.3 | 20 minutes ago |
| Multi Functional Flexi Lightbox <= 1.2 | Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter vulnerability | 5.9 | 21 minutes ago |
| Xhanch – My Advanced Settings <= 1.1.2 | WordPress Xhanch - My Advanced Settings plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 23 minutes ago |
| Lobot Slider Administrator <= 0.6.0 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 25 minutes ago |
| FuseDesk <= 6.8 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute vulnerability | 6.5 | 26 minutes ago |
| Any Post Slider <= 1.0.4 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_type' Shortcode Attribute vulnerability | 6.5 | 27 minutes ago |
| Appmax <= 1.0.3 | Missing Authorization to Order Status Manipulation and Arbitrary Order Creation via Webhook Endpoint vulnerability | 5.3 | 29 minutes ago |
| Go Night Pro <= 1.1.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute vulnerability | 6.5 | 30 minutes ago |
| Build App Online <= 1.0.23 | Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability | 5.3 | 31 minutes ago |
| REST API TO MiniProgram <= 5.1.2 | Authenticated (Subscriber+) Insecure Direct Object Reference via 'userid' REST API Parameter vulnerability | 4.3 | 35 minutes ago |
| Sherk Custom Post Type Displays <= 1.2.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability | 6.5 | 39 minutes ago |
| e-shot <= 1.0.2 | Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action vulnerability | 5.3 | 42 minutes ago |
| Punnel – Landing Page Builder <= 1.3.1 | Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX Action vulnerability | 5.3 | 43 minutes ago |