The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 40,144
Mitigations: 14,966
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| OneSignal – Web Push Notifications <= 3.8.0 | WordPress OneSignal - Web Push Notifications plugin <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id' vulnerability | 3.1 | 1 hour ago |
| Better Find and Replace <= 1.7.9 | WordPress Better Find and Replace - AI-Powered Suggestions plugin <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title vulnerability | 5.9 | 1 hour ago |
| Prismatic <= 3.7.3 | Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode vulnerability | 7.1 | 14 hours ago |
| Livemesh Addons for Elementor <= 9.0 | Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via Plugin Settings vulnerability | 6.5 | 14 hours ago |
| Customer Reviews for WooCommerce <= 5.101.0 | Reflected Cross-Site Scripting via 'crsearch' vulnerability | 7.1 | 14 hours ago |
| Product Pricing Table by WooBeWoo <= 1.1.0 | Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion vulnerability | 7.1 | 14 hours ago |
| WP Docs <= 2.2.9 | Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' vulnerability | 6.5 | 15 hours ago |
| Form Maker by 10Web <= 1.15.40 | Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box vulnerability | 7.1 | 15 hours ago |
| Riaxe Product Customizer <= 2.1.2 | Unauthenticated SQL Injection via 'options' Parameter Keys in product_data vulnerability | 9.3 | 15 hours ago |
| Accessibility Suite <= 4.20 | Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter vulnerability | 8.5 | 15 hours ago |
| AcyMailing SMTP Newsletter 9.11.0-10.8.1 | WordPress AcyMailing plugin 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability | 8.8 | 15 hours ago |
| Riaxe Product Customizer <= 2.1.2 | Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action vulnerability | 9.8 | 15 hours ago |
| Career Section <= 1.6 | Cross-Site Request Forgery to Arbitrary File Deletion vulnerability | 8.6 | 16 hours ago |
| Redsys for WooCommerce Light <= 7.0.0 | Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation vulnerability | 7.5 | 16 hours ago |
| Barcode Scanner with Inventory & Order Manager <= 1.11.0 | Unauthenticated Privilege Escalation via Insecure Token Authentication vulnerability | 9.8 | 16 hours ago |
| PostX <= 5.0.5 | WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.5 - Missing Authorization to Limited Post Meta Modification vulnerability | 5.3 | 21 hours ago |
| BetterDocs <= 4.3.8 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 21 hours ago |
| Email Encoder Bundle <= 2.4.4 | WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode vulnerability | 6.5 | 21 hours ago |
| Livemesh Addons for Elementor <= 9.0 | Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter vulnerability | 8.8 | 1 day ago |
| WP Maps <= 4.8.7 | WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode vulnerability | 6.5 | 1 day ago |