The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total38,908

MitigationsMitigation rules14,417

No official patch11,184

In triage1,378

Published soon85

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder<= 1.6.0 WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema() vulnerability	6.5	26 minutes ago
Envira Photo Gallery<= 1.12.3 Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API vulnerability	5.9	28 minutes ago
Enable Media Replace<= 4.1.7 Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace vulnerability	5.4	29 minutes ago
WP-Members<= 3.5.5.1 Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute vulnerability	8.5	31 minutes ago
Morkva UA Shipping<= 1.7.9 Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field vulnerability	5.9	32 minutes ago
Taskbuilder<= 5.0.3 Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field vulnerability	5.9	33 minutes ago
WPBookit<= 1.0.8 Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability	5.3	34 minutes ago
Email Subscribers & Newsletters<= 5.9.16 Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter vulnerability	7.6	35 minutes ago
PostX<= 5.0.8 Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints vulnerability	7.2	36 minutes ago
WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms<= 1.1.5 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	15 hours ago
Contest Gallery<= 28.1.4 Unauthenticated SQL Injection vulnerability	9.3	15 hours ago
User Registration<= 5.1.2 Unauthenticated Privilege Escalation via Membership Registration vulnerability	9.8	16 hours ago
All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login<= 2.2.5 Authentication Bypass vulnerability	9.8	16 hours ago
Master Addons for Elementor Premium<= 2.1.3 Authenticated (Subscriber+) Remote Code Execution via render_preview vulnerability	8.8	17 hours ago
Page Builder by SiteOrigin<= 2.33.5 Authenticated (Contributor+) Local File Inclusion vulnerability	8.8	1 day ago
Uncanny Automator<= 7.0.0.3 WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload vulnerability	7.2	1 day ago
LatePoint<= 5.2.7 Authenticated (Administrator+) SQL Injection via JSON Import vulnerability	7.6	1 day ago
AI ChatBot with ChatGPT and Content Generator by AYS<= 2.7.5 Missing Authorization to Unauthenticated API Key Modification vulnerability	5.3	1 day ago
Blocksy<= 2.1.30 Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields vulnerability	6.5	1 day ago
Super Stage WP<= 1.0.1 Unauthenticated PHP Object Injection vulnerability	9.8	1 day ago