The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 40,161
Mitigations: 14,973
| Affected software | Vulnerability | Risk (CVSS) | Disclosed |
| --- | --- | --- | --- |
| FluentForm 6.1.21 | WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability | 5.3 | 2 hours ago |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 2.0.6 | Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability | 7.5 | 2 hours ago |
| wpForo Forum <= 2.4.16 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability | 6.5 | 3 hours ago |
| WP Statistics <= 14.16.4 | Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation vulnerability | 6.5 | 3 hours ago |
| WP Statistics <= 14.16.4 | Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability | 7.1 | 3 hours ago |
| MasterStudy LMS <= 3.7.25 | Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability | 8.5 | 3 hours ago |
| DirectoryPress <= 3.6.26 | WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin <= 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability | 9.3 | 3 hours ago |
| WowShipping Pro < 1.0.8 | Backdoor vulnerability | 10 | 4 hours ago |
| CMS für Motorrad Werkstätten <= 1.0.0 | Cross-Site Request Forgery vulnerability | 4.3 | 10 hours ago |
| Canto <= 3.1.1 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability | 4.3 | 10 hours ago |
| Quiz And Survey Master <= 10.1.0 | Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability | 5.3 | 10 hours ago |
| Backup Guard <= 3.1.19.8 | Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal in 'fileName' Parameter vulnerability | 4.9 | 10 hours ago |
| LatePoint <= 5.3.2 | Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability | 5.3 | 10 hours ago |
| Tutor LMS <= 3.9.8 | Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability | 7.6 | 10 hours ago |
| Tutor LMS <= 3.9.8 | Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability | 5.3 | 10 hours ago |
| Kubio AI Page Builder <= 2.7.2 | Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes vulnerability | 5.3 | 10 hours ago |
| Form Maker by 10Web <= 1.15.40 | Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter vulnerability | 7.6 | 10 hours ago |
| Royal Elementor Addons <= 1.7.1056 | Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget vulnerability | 6.5 | 10 hours ago |
| OneSignal – Web Push Notifications <= 3.8.0 | WordPress OneSignal - Web Push Notifications plugin <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id' vulnerability | 3.1 | 13 hours ago |
| Better Find and Replace <= 1.7.9 | WordPress Better Find and Replace - AI-Powered Suggestions plugin <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title vulnerability | 5.9 | 13 hours ago |