The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 39,002
Mitigations: 14,476
Affected software | Vulnerability | Risk | Disclosed
JS Archive List <= 6.1.7 | Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute vulnerability | 7.5 | 28 minutes ago
CM Custom WordPress Reports and Analytics <= 1.2.7 | Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters vulnerability | 7.1 | 30 minutes ago
ZIP Code Based Content Protection <= 1.0.2 | Unauthenticated SQL Injection via 'zipcode' Parameter vulnerability | 9.3 | 31 minutes ago
LotekMedia Popup Form <= 1.0.6 | Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability | 5.9 | 2 days ago
True Ranker <= 2.2.9 | Cross-Site Request Forgery to Unauthorized True Ranker Disconnection vulnerability | 4.3 | 2 days ago
Carta Online <= 2.13.0 | Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability | 5.9 | 2 days ago
Infomaniak Connect for OpenID <= 1.0.2 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 2 days ago
Font Pairing Preview For Landing Pages <= 1.3 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 2 days ago
Show YouTube video <= 1.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability | 6.5 | 2 days ago
Purchase Button For Affiliate Link <= 1.0.2 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 2 days ago
DA Media GigList <= 1.9.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute vulnerability | 6.5 | 2 days ago
Consensus Embed <= 1.6 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability | 6.5 | 2 days ago
Media Library Alt Text Editor <= 1.0.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute vulnerability | 6.5 | 2 days ago
The Guardian News Feed <= 1.2 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 2 days ago
MyQtip – easy qTip2 <= 2.0.5 | WordPress MyQtip - easy qTip2 plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability | 6.5 | 2 days ago
Wueen <= 0.2.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via plugin's Shortcode vulnerability | 6.5 | 2 days ago
Mobile DJ Manager <= 1.7.8.1 | Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion vulnerability | 5.3 | 2 days ago
MailArchiver <= 4.4.0 | Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability | 5.9 | 2 days ago
Community Events <= 1.5.8 | Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field vulnerability | 7.6 | 2 days ago
ProfileGrid <= 5.9.8.1 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability | 4.3 | 2 days ago