The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 38,484
Mitigations: 14,082
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| WPNakama <= 0.6.5 | Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability | 9.3 | 3 minutes ago |
| Taskbuilder <= 5.0.2 | Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters vulnerability | 8.5 | 5 minutes ago |
| Business Directory <= 6.4.21 | Unauthenticated SQL Injection via payment Parameter vulnerability | 9.3 | 31 minutes ago |
| RegistrationMagic <= 6.0.6.9 | WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment vulnerability | 5.3 | 6 hours ago |
| Complianz <= 7.4.3 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability | 6.5 | 6 hours ago |
| User Submitted Posts <= 20260113 | Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability | 5.3 | 6 hours ago |
| Video Share VOD <= 2.7.11 | Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability | 6.5 | 6 hours ago |
| SiteOrigin Widgets Bundle <= 1.70.4 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability | 5.4 | 6 hours ago |
| Community Events <= 1.5.7 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter vulnerability | 5.9 | 6 hours ago |
| WP Event Aggregator <= 1.8.7 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 6 hours ago |
| Business Directory <= 6.4.20 | Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability | 5.3 | 6 hours ago |
| EventPrime <= 4.2.8.4 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability | 4.3 | 6 hours ago |
| WP-DownloadManager <= 1.69 | Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter vulnerability | 2.7 | 6 hours ago |
| Dam Spam <= 1.0.8 | Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability | 4.3 | 6 hours ago |
| YayMail – WooCommerce Email Customizer <= 4.3.2 | Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability | 2.7 | 6 hours ago |
| Kali Forms <= 2.4.8 | Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure vulnerability | 4.3 | 6 hours ago |
| YayMail – WooCommerce Email Customizer <= 4.3.2 | Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability | 2.7 | 6 hours ago |
| YayMail – WooCommerce Email Customizer <= 4.3.2 | Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements vulnerability | 5.9 | 6 hours ago |
| YayMail – WooCommerce Email Customizer <= 4.3.2 | Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability | 7.2 | 6 hours ago |
| Private Comment <= 0.0.4 | Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability | 5.9 | 6 hours ago |