The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,225

Mitigation rules13,123

No official fix9,836

In triage1,406

Published soon25

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Unlimited Elements for Elementor (Premium)<= 2.0 Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability	7.1	8 hours ago
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0 Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability	7.1	8 hours ago
AI ChatBot with ChatGPT and Content Generator by AYS<= 2.7.0 Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability	7.2	8 hours ago
PowerPress Podcasting<= 11.15.2 Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post' vulnerability	9.9	9 hours ago
WP Directory Kit<= 1.4.5 Reflected Cross-Site Scripting via 'order_by' Parameter vulnerability	7.1	9 hours ago
Customer Reviews Collector for WooCommerce<= 4.6.1 Reflected Cross-Site Scripting vulnerability	7.1	10 hours ago
Simple Folio<= 1.1.0 Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability	6.5	10 hours ago
Houzez<= 4.1.6 Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability	7.1	10 hours ago
Folders<= 3.1.5 Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation vulnerability	4.3	10 hours ago
SKT PayPal for WooCommerce<= 1.4 Unauthenticated Payment Bypass vulnerability	7.5	10 hours ago
Tiare Membership<= 1.2 Unauthenticated Privilege Escalation vulnerability	9.8	11 hours ago
Tiger<= 101.2.1 Authenticated (Subscriber+) Privilege Escalation vulnerability	8.8	12 hours ago
Tiger<= 101.2.1 Privilege Escalation vulnerability	9.8	12 hours ago
FindAll Membership<= 1.0.4 Authentication Bypass via Social Login vulnerability	9.8	13 hours ago
Houzez<= 4.1.6 Authenticated (Subscriber+) PHP Object Injection via Saved Search vulnerability	8.8	13 hours ago
WP Fastest Cache <= 1.4.0 Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions vulnerability	4.3	19 hours ago
AI ChatBot with ChatGPT and Content Generator by AYS<= 2.7.0 Missing Authorization to Unauthenticated Media File Uploads vulnerability	5.3	19 hours ago
Quick View for WooCommerce<= 2.2.17 Unauthenticated Private Product Disclosure vulnerability	5.3	19 hours ago
QODE Wishlist for WooCommerce<= 1.2.7 Unauthenticated Insecure Direct Object Reference to Wishlist Update vulnerability	5.3	19 hours ago
Hide Category by User Role for WooCommerce<= 2.3.1 Missing Authorization to Unauthenticated Cache Flushing vulnerability	5.3	19 hours ago