The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

Total: 35,160
Mitigation rules: 13,068

| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Attention Bar <= 0.7.2.1 | Authenticated (Contributor+) SQL Injection vulnerability | 8.5 | 4 hours ago |
| OrderConvo <= 14 | Missing Authorization to Unauthenticated Information Disclosure vulnerability | 5.3 | 4 hours ago |
| OrderConvo <= 14 | Missing Authorization to Unauthenticated User Impersonation in Order Messages vulnerability | 4.3 | 4 hours ago |
| Chamber Dashboard Business Directory <= 3.3.11 | Missing Authorization to Unauthenticated Business Information Export vulnerability | 5.3 | 4 hours ago |
| Refund Request for WooCommerce <= 1.0 | Missing Authorization to Authenticated (Subscriber+) Refund Status Update vulnerability | 5.4 | 4 hours ago |
| Locker Content <= 1.0.0 | Unauthenticated Information Exposure vulnerability | 5.3 | 5 hours ago |
| Frontend File Manager <= 23.4 | Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming vulnerability | 5.4 | 5 hours ago |
| Social Images Widget <= 2.1 | Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion vulnerability | 5.3 | 5 hours ago |
| Autochat Automatic Conversation <= 1.1.9 | Missing Authorization to Unauthenticated Settings Update vulnerability | 5.3 | 5 hours ago |
| YouTube Subscribe <= 3.0.0 | Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID vulnerability | 5.9 | 5 hours ago |
| Conditionnal Maintenance Mode for WordPress <= 1.0.0 | Cross-Site Request Forgery vulnerability | 4.3 | 5 hours ago |
| ProjectList <= 0.3.0 | Authenticated (Editor+) SQL Injection via 'id' Parameter vulnerability | 8.5 | 5 hours ago |
| Just Highlight <= 1.0.3 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting vulnerability | 5.9 | 5 hours ago |
| Inline frame – Iframe <= 0.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability | 6.5 | 5 hours ago |
| Ace Post Type Builder <= 1.9 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Custom Taxonomy Deletion via 'taxonomy' Parameter vulnerability | 5.4 | 5 hours ago |
| Zweb Social Mobile <= 1.0.0 | WordPress ZWeb - Social Mobile plugin <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability | 5.1 | 5 hours ago |
| Bookme – Free Online Appointment Booking and Scheduling Plugin <= 4.2 | Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter vulnerability | 7.6 | 5 hours ago |
| Peer Publish <= 1.0 | Cross-Site Request Forgery vulnerability | 4.3 | 5 hours ago |
| atec Duplicate Page & Post <= 1.2.20 | Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure vulnerability | 5.3 | 5 hours ago |
| Blog2Social <= 8.7.0 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing vulnerability | 5.4 | 6 hours ago |