The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,107

Mitigation rules13,049

No official fix9,807

In triage1,307

Published soon34

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Zegen Core<= 2.0.1 Cross-Site Request Forgery to Arbitrary File Upload vulnerability	9.6	6 hours ago
LearnPress<= 4.2.9.4 Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure vulnerability	5.3	6 hours ago
Fluent CRM<= 2.9.84 Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode vulnerability	6.5	6 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.2.9 Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' vulnerability	4.3	6 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.1 Missing Authorization to Authenticated (Subscriber+) Role Removal vulnerability	5.4	6 hours ago
Magical Products Display<= 1.1.29 Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget vulnerability	6.5	14 hours ago
Tainacan<= 1.0.0 Unauthenticated Information Exposure vulnerability	5.3	14 hours ago
WP Delete Post Copies<= 6.0.2 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	5.9	14 hours ago
Groundhogg<= 4.2.6.1 Authenticated (Admin+) SQL Injection vulnerability	7.6	14 hours ago
HT Mega<= 3.0.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection vulnerability	6.5	14 hours ago
Post Expirator<= 4.9.1 Authenticated (Author+) Missing Authorization to Post/Page Status Modification vulnerability	3.8	15 hours ago
Shortcode for Google Street View<= 0.5.7 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	15 hours ago
WP Company Info<= 1.9.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	15 hours ago
Keydatas<= 2.6.3 Authenticated (Admin+) Arbitrary File Read vulnerability	4.9	15 hours ago
WPSite Shortcode<= 1.2 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	15 hours ago
Display Pages Shortcode<= 1.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	15 hours ago
HotelRunner Booking Widget<= 5.2.4 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	15 hours ago
Custom Post Type<= 1.0 Cross-Site Request Forgery to Custom Post Type Deletion vulnerability	4.3	15 hours ago
BrightTALK WordPress Shortcode<= 2.4.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	16 hours ago
Surbma \| MiniCRM Shortcode<= 2.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	16 hours ago