Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,169
Mitigations
Mitigation rules
13,976
No official fix
10,871
In triage
1,295
Published soon
27
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WPZOOM Addons for Elementor
<= 1.3.2
WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more vulnerability
5.3
23 minutes ago
IDE Micro code-editor
<= 1.0.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability
6.5
31 minutes ago
BuddyHolis ListSearch
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute vulnerability
6.5
31 minutes ago
WDES Responsive Popup
<= 1.3.6
Authenticated (Contributor+) Stored Cross-Site Scripting via 'attr' Shortcode Attribute vulnerability
6.5
32 minutes ago
Invoct – PDF Invoices & Billing for WooCommerce
<= 1.6
WordPress Invoct - PDF Invoices & Billing for WooCommerce plugin <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability
4.3
33 minutes ago
MMA Call Tracking
<= 2.3.15
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
34 minutes ago
WPlyr Media Block
<= 1.3.0
Authenticated (Administrator+) Stored Cross-Site Scripting via '_wplyr_accent_color' Parameter vulnerability
5.9
35 minutes ago
Slideshow Wp
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute vulnerability
6.5
36 minutes ago
Sudoku Shortcode
<= 1.0.0
Authenticated (Contributor+) Cross-Site Scripting via 'background' Shortcode Attribute vulnerability
6.5
37 minutes ago
HTML Shortcodes
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
41 minutes ago
OpenPOS Lite – Point of Sale for WooCommerce
<= 3.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
43 minutes ago
WaMate Confirm
<= 2.0.1
Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/Unblocking vulnerability
5.3
44 minutes ago
Category Image
<= 2.0
Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability
5.9
46 minutes ago
Microtango
<= 0.9.29
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
48 minutes ago
Post Slides
<= 1.0.1
Contributor+ Local File Inclusion vulnerability
7.5
50 minutes ago
Orbisius Random Name Generator
<= 1.0.2
Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute vulnerability
6.5
52 minutes ago
Beaver Builder
<= 2.10.0.5
WordPress Beaver Builder Page Builder - Drag and Drop Website Builder plugin <= 2.10.0.5 - Authenticated (Custom+) Missing Authorization to Stored Cross-Site Scripting via Global Settings vulnerability
6.5
53 minutes ago
FooGallery
<= 3.1.9
Missing Authorization to Authenticated (Subscriber+) Arbitrary Gallery Metadata Exposure vulnerability
4.3
55 minutes ago
Lucky Wheel Giveaway
<= 1.0.22
Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter vulnerability
9.1
56 minutes ago
Tune Library
<= 1.6.3
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via CSV Import vulnerability
6.5
12 hours ago
Load more