The leading open source vulnerability database


Total: 40,207
Mitigations: 15,013
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Hostel <= 1.1.6 | Reflected Cross-Site Scripting via 'shortcode_id' Parameter vulnerability | 7.1 | 7 hours ago |
| Youzify <= 1.3.6 | Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter vulnerability | 6.5 | 7 hours ago |
| Easy Appointments <= 3.12.21 | Unauthenticated Sensitive Information Exposure via REST API vulnerability | 7.5 | 7 hours ago |
| Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.6 | Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass vulnerability | 8.1 | 7 hours ago |
| Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.6 | Unauthenticated Limited Arbitrary File Read via mfile Field vulnerability | 7.5 | 7 hours ago |
| WP Customer Area <= 8.3.4 | Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attach_file vulnerability | 8.8 | 7 hours ago |
| CMP – Coming Soon & Maintenance <= 4.1.16 | WordPress CMP - Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution vulnerability | 7.2 | 17 hours ago |
| Ultimate Flipbox Addon for Elementor <= 2.0.8 | Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes vulnerability | 5.9 | 17 hours ago |
| Pz-LinkCard <= 2.5.8.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 17 hours ago |
| WpStream < 4.11.2 | Arbitrary File Upload vulnerability | 5.4 | 3 days ago |
| FluentForm 6.1.21 | WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability | 5.3 | 3 days ago |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 2.0.6 | Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability | 7.5 | 3 days ago |
| wpForo Forum <= 2.4.16 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability | 6.5 | 3 days ago |
| WP Statistics <= 14.16.4 | Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation vulnerability | 6.5 | 3 days ago |
| WP Statistics <= 14.16.4 | Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability | 7.1 | 3 days ago |
| MasterStudy LMS <= 3.7.25 | Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability | 8.5 | 3 days ago |
| DirectoryPress <= 3.6.26 | WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin <= 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability | 9.3 | 3 days ago |
| WowShipping Pro < 1.0.8 | Backdoor vulnerability | 10 | 3 days ago |
| CMS für Motorrad Werkstätten <= 1.0.0 | Cross-Site Request Forgery vulnerability | 4.3 | 3 days ago |
| Canto <= 3.1.1 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability | 4.3 | 3 days ago |