The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,946

MitigationsMitigation rules15,500

No official patch12,979

In triage1,569

Published soon10

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
UpdraftPlus<= 1.26.4 Unauthenticated Authentication Bypass via UpdraftCentral udrpc vulnerability	8.1	6 hours ago
Newsletters<= 4.13 Unauthenticated SQL Injection vulnerability	9.3	14 hours ago
Doctreat Core<= 1.6.8 Unauthenticated Privilege Escalation vulnerability	9.8	14 hours ago
aThemes Addons for Elementor<= 1.1.8 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago
MW WP Form<= 5.1.3 Authenticated (Editor+) Stored Cross-Site Scripting vulnerability	5.9	1 day ago
Easy Image Collage<= 1.13.6 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	1 day ago
Slider Revolution<= 7.0.10 Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability	6.5	1 day ago
WP GDPR Cookie Consent<= 1.0.0 Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago
FV Flowplayer Video Player<= 7.5.49.7212 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
Booking Package<= 1.7.16 Authenticated (Editor+) Privilege Escalation vulnerability	7.2	1 day ago
Ad Inserter<= 2.8.15 Reflected Cross-Site Scripting vulnerability	7.1	1 day ago
Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More<= 1.0.15 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
All In One WP Security & Firewall<= 5.4.7 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
Advanced Google reCAPTCHA<= 5.38 Authenticated (Subscriber+) Authentication Bypass vulnerability	8.8	1 day ago
Hippoo Mobile App for WooCommerce<= 1.9.4 Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability	9.8	1 day ago
WP User Manager<= 2.9.17 Unauthenticated Path Traversal to Local File Inclusion vulnerability	7.5	1 day ago
6Storage Rentals<= 2.22.0 Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification vulnerability	7.5	1 day ago
Advanced Google reCAPTCHA<= 5.38 Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability	8.8	1 day ago
Events Calendar for GeoDirectory<= 2.3.28 Authenticated (Subscriber+) Privilege Escalation vulnerability	8.8	1 day ago
Recover Exit For WooCommerce<= 1.0.3 Unauthenticated Local File Inclusion vulnerability	10	1 day ago