The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total38,751

MitigationsMitigation rules14,274

No official patch11,070

In triage1,230

Published soon95

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Analytics Cat<= 1.1.2 Reflected Cross-Site Scripting vulnerability	7.1	2 hours ago
MailArchiver<= 4.5.0 Authenticated (Admininistrator+) SQL Injection via 'logid' Parameter vulnerability	7.6	3 hours ago
Japanized For WooCommerce<= 2.8.4 Missing Authorization to Unauthenticated Paidy Order Manipulation vulnerability	5.3	3 hours ago
Electric Enquiries<= 1.1 Authenticated (Contributor+) Stored Cross-Site Scripting via 'button' Shortcode Attribute vulnerability	6.5	3 hours ago
WP Accessibility<= 2.3.1 Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute vulnerability	6.5	3 hours ago
Simple Download Monitor<= 4.0.5 Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field vulnerability	6.5	3 hours ago
Xpro Elementor Addons<= 1.4.24 WordPress Xpro Addons - 140+ Widgets for Elementor plugin <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link vulnerability	6.5	3 hours ago
Automotive Car Dealership Business<= 13.4 Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields vulnerability	6.5	3 hours ago
WP Recipe Maker<= 10.3.2 Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter vulnerability	5.3	3 hours ago
Planaday API<= 11.4 Reflected Cross-Site Scripting vulnerability	7.1	17 hours ago
Cost Calculator Pro<= 2.3.1 Unauthenticated Stored Cross-Site Scripting via 'customer_name' vulnerability	7.1	19 hours ago
Responsive Lightbox< 2.6.1 Unauthenticated Stored XSS vulnerability	7.1	19 hours ago
Worry Proof Backup<= 0.2.4 Authenticated (Subscriber+) Path Traversal via Backup Upload vulnerability	8.8	20 hours ago
User Registration<= 5.1.2 Authentication Bypass vulnerability	8.1	20 hours ago
WP Responsive Images<= 1.0 Unauthenticated Path Traversal to Arbitrary File Read via src vulnerability	7.5	20 hours ago
Advanced Woo Labels<= 2.36 Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter vulnerability	8.8	1 day ago
User Registration<= 5.1.2 Insecure Direct Object Reference to Unauthenticated Limited User Deletion vulnerability	5.3	1 day ago
TP2WP Importer<= 1.1 Authenticated (Administrator+) Stored Cross-Site Scripting via 'Watched domains' Textarea vulnerability	5.9	1 day ago
WP Social Meta<= 1.0.1 Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability	5.9	1 day ago
Custom Logo<= 2.2 Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting vulnerability	5.9	1 day ago