The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total48,800

MitigationsMitigation rules15,729

No official patch13,011

In triage1,354

Published soon41

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Editorial Rating – Product Review & Rating System<= 4.0.5 Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability	5.9	15 hours ago
Premium Addons for KingComposer<= 1.1.1 Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability	5.3	15 hours ago
PixMagix – WordPress Image Editor<= 1.7.2 Authenticated (Author+) Path Traversal in 'layers[].id' Parameter vulnerability	4.9	15 hours ago
Plugin for Google Analytics by IO technologies<= 1.1 Cross-Site Request Forgery vulnerability	4.3	15 hours ago
Team Member<= 8.7 Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability	5.9	16 hours ago
Werkstatt<= 4.7.2 Cross Site Request Forgery (CSRF) vulnerability	4.3	18 hours ago
Werkstatt<= 4.7.2 Broken Access Control vulnerability	4.3	19 hours ago
Martfury - WooCommerce Marketplace WordPress Theme<= 3.2.8 WordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability	4.3	19 hours ago
TheFox<= 3.9.70 Cross Site Scripting (XSS) vulnerability	6.5	19 hours ago
Custom Field Template<= 2.7.8 SQL Injection vulnerability	8.5	19 hours ago
Woffice<= 5.4.31 Broken Access Control vulnerability	5.3	21 hours ago
Simple User Avatar<= 4.9 Insecure Direct Object References (IDOR) vulnerability	4.3	23 hours ago
Embed Privacy<= 1.12.3 Arbitrary File Deletion vulnerability	7.1	23 hours ago
RegistrationMagic<= 6.0.8.6 Authenticated (Subscriber+) Authentication Bypass vulnerability	5.3	3 days ago
WP Full Stripe Free<= 8.4.3 Missing Authorization to Unauthenticated Payment Record Manipulation vulnerability	5.3	3 days ago
Quiz And Survey Master<= 11.1.4 Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability	4.3	3 days ago
Product Specifications for Woocommerce<= 0.8.9 Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion vulnerability	4.3	3 days ago
Masteriyo - LMS<= 2.2.1 Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement Modification vulnerability	4.3	3 days ago
Dokan<= 5.0.4 Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure vulnerability	4.3	3 days ago
Gutenverse<= 3.8.0 Authenticated (Editor+) Stored Cross-Site Scripting vulnerability	5.9	3 days ago