The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total37,471

MitigationsMitigation rules13,770

No official fix10,776

In triage1,258

Published soon1

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Course Booking System<= 6.1.5 Missing Authorization to Unauthenticated Booking Data Export vulnerability	5.3	7 minutes ago
Return Refund and Exchange For WooCommerce<= 4.5.5 Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation vulnerability	4.3	9 minutes ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.1 Missing Authorization to Authenticated (Subscriber+) Trash Empty vulnerability	4.3	9 minutes ago
CubeWP<= 1.1.27 Unauthenticated Information Exposure vulnerability	5.3	10 minutes ago
EPROLO Dropshipping<= 2.3.1 Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification vulnerability	4.3	12 minutes ago
Hide Categories Or Products On Shop Page<= 1.0.7 Cross-Site Request Forgery to Settings Update vulnerability	4.3	13 minutes ago
XCloner<= 4.8.2 Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability	4.3	15 minutes ago
Omnipress<= 1.6.5 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	18 minutes ago
Webcake<= 1.1 Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability	4.3	18 minutes ago
Bread & Butter<= 7.11.1374 Cross-Site Request Forgery to Arbitrary File Upload vulnerability	9.6	25 minutes ago
Image Optimizer by wps.sk<= 1.2.0 Cross-Site Request Forgery to Bulk Image Optimization vulnerability	4.3	25 minutes ago
Sermon Manager<= 2.30.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	26 minutes ago
Takeads<= 1.0.13 Missing Authorization to Plugin Settings Deletion vulnerability	4.3	27 minutes ago
Shortcodes and extra features for Phlox theme<= 2.17.13 Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget vulnerability	6.5	28 minutes ago
Private Google Calendars<= 20250811 Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability	4.3	30 minutes ago
WPvivid Backup and Migration<= 0.9.120 Authenticated (Admin+) Arbitrary Directory Creation vulnerability	2.7	2 hours ago
KiotViet Sync<= 1.8.5 Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability	4.3	2 hours ago
Subscriptions & Memberships for PayPal<= 1.1.7 Unauthenticated Fake Payment Creation vulnerability	5.3	2 hours ago
g-FFL Cockpit<= 1.7.1 Missing Authorization to Unauthenticated Information Exposure vulnerability	5.3	2 hours ago
Premmerce Brands for WooCommerce<= 1.2.13 Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update vulnerability	4.3	3 hours ago