Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,278
Mitigations
Mitigation rules
14,574
No official patch
11,208
In triage
1,326
Published soon
32
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WP User Frontend
<= 4.2.8
Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter vulnerability
5.3
8 minutes ago
Wicked Folders
<= 4.1.0
Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability
4.3
9 minutes ago
Thim Elementor Kit
<= 1.3.7
Missing Authorization to Unauthenticated Private Course Disclosure vulnerability
5.3
38 minutes ago
WP EasyPay
<= 4.2.11
Broken Access Control vulnerability
5.4
5 hours ago
Modern Events Calendar
<= 7.29.0
Broken Access Control vulnerability
5.3
6 hours ago
Ultimate Addons for Contact Form 7
<= 3.5.36
Cross Site Scripting (XSS) vulnerability
6.5
2 days ago
UpsellWP
<= 2.2.4
SQL Injection vulnerability
7.6
2 days ago
Search & Go
<= 2.8
Privilege Escalation vulnerability
9.8
3 days ago
Subscriptions for WooCommerce
<= 1.8.10
Bypass Vulnerability vulnerability
7.5
3 days ago
Formidable Forms
<= 6.28
Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter vulnerability
5.3
3 days ago
Formidable Forms
<= 6.28
Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse vulnerability
7.5
3 days ago
Simply Schedule Appointments
<= 1.6.9.29
Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability
7.5
3 days ago
Pix for WooCommerce
<= 1.5.0
Unauthenticated Arbitrary File Upload vulnerability
10
3 days ago
Calculated Fields Form
<= 5.4.5.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings vulnerability
6.5
3 days ago
Social Icons Widget & Block by WPZOOM
<= 4.5.8
Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation vulnerability
4.3
3 days ago
GetGenie
<= 4.3.2
Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API vulnerability
5.9
3 days ago
GetGenie
<= 4.3.2
Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion vulnerability
5.4
3 days ago
Simply Schedule Appointments
<= 1.6.9.29
Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure vulnerability
4.3
3 days ago
Reading progressbar
< 1.3.1
Admin+ Stored XSS vulnerability
5.9
3 days ago
Timetics
< 1.0.52
Unauthenticated Payment/Booking Status Update vulnerability
4.3
3 days ago
Load more