The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total38,926

MitigationsMitigation rules14,436

No official patch11,184

In triage1,419

Published soon45

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
JS Help Desk<= 2.8.2 WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie vulnerability	9.3	13 hours ago
All-in-One Video Gallery<= 4.7.1 Reflected Cross-Site Scripting via 'vi' Parameter vulnerability	7.1	14 hours ago
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder<= 1.6.0 WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema() vulnerability	6.5	20 hours ago
Envira Photo Gallery<= 1.12.3 Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API vulnerability	5.9	20 hours ago
Enable Media Replace<= 4.1.7 Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace vulnerability	5.4	20 hours ago
WP-Members<= 3.5.5.1 Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute vulnerability	8.5	20 hours ago
Morkva UA Shipping<= 1.7.9 Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field vulnerability	5.9	20 hours ago
Taskbuilder<= 5.0.3 Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field vulnerability	5.9	20 hours ago
WPBookit<= 1.0.8 Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability	5.3	20 hours ago
Email Subscribers & Newsletters<= 5.9.16 Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter vulnerability	7.6	20 hours ago
PostX<= 5.0.8 Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints vulnerability	7.2	20 hours ago
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms<= 1.1.5 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
Contest Gallery<= 28.1.4 Unauthenticated SQL Injection vulnerability	9.3	1 day ago
User Registration<= 5.1.2 Unauthenticated Privilege Escalation via Membership Registration vulnerability	9.8	1 day ago
All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login<= 2.2.5 Authentication Bypass vulnerability	9.8	1 day ago
Master Addons for Elementor Premium<= 2.1.3 Authenticated (Subscriber+) Remote Code Execution via render_preview vulnerability	8.8	1 day ago
Page Builder by SiteOrigin<= 2.33.5 Authenticated (Contributor+) Local File Inclusion vulnerability	8.8	1 day ago
Uncanny Automator<= 7.0.0.3 WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload vulnerability	7.2	1 day ago
LatePoint<= 5.2.7 Authenticated (Administrator+) SQL Injection via JSON Import vulnerability	7.6	1 day ago
AI ChatBot with ChatGPT and Content Generator by AYS<= 2.7.5 Missing Authorization to Unauthenticated API Key Modification vulnerability	5.3	1 day ago