The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,296

Mitigation rules13,148

No official fix9,835

In triage1,628

Published soon9

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
WC Vendors Marketplace<= 2.6.4 Cross-Site Request Forgery to Vendor Product Deletion vulnerability	4.3	8 minutes ago
Weekly Planner<= 1.0 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	5.9	10 minutes ago
Live CSS Preview<= 2.0.0 Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability	5.4	20 minutes ago
Voidek Employee Portal<= 1.0.6 Missing Authorization vulnerability	5.3	21 minutes ago
Payaza<= 0.3.8 Missing Authorization to Unauthenticated Order Status Update vulnerability	5.3	22 minutes ago
Torod<= 1.9 Cross-Site Request Forgery To Plugin's Settings Modification vulnerability	4.3	26 minutes ago
Time Sheets<= 2.1.3 Cross-Site Request Forgery vulnerability	4.3	35 minutes ago
FitVids for WordPress<= 4.0.1 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	5.9	57 minutes ago
PostGallery<= 1.12.5 Authenticated (Subscriber+) Arbitrary File Upload vulnerability	9.9	11 hours ago
Clikstats<= 0.8 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	15 hours ago
Timetable and Event Schedule< 2.4.16 Contributor+ Event Disclosure via IDOR vulnerability	4.3	22 hours ago
Custom Post Type UI<= 1.18.0 Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification vulnerability	4.8	23 hours ago
Beaver Builder<= 2.9.4 Missing Authorization to Authenticated (Contributor+) Builder Status Tampering vulnerability	5.4	23 hours ago
WebP Express<= 0.25.9 Unauthenticated Information Exposure vulnerability	5.3	23 hours ago
Post SMTP<= 3.6.1 Missing Authorization to Authenticated (Subscriber+) OAuth Token Update vulnerability	5.4	1 day ago
Modula Image Gallery2.13.1-2.13.2 Authenticated (Author+) Arbitrary File Upload via Race Condition vulnerability	6.6	1 day ago
Modula Image Gallery2.13.1-2.13.2 Authenticated (Author+) Arbitrary File Deletion vulnerability	6.8	1 day ago
DB Access<= 0.8.7 Subscriber+ SQLi vulnerability	8.5	1 day ago
WP Directory Kit1.4.0-1.4.4 Authentication Bypass to Privilege Escalation via Account Takeover vulnerability	9.8	1 day ago
Frontend Admin by DynamiApps<= 3.28.20 Unauthenticated Arbitrary Options Update vulnerability	9.8	1 day ago