Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
37,495
Mitigations
Mitigation rules
13,772
No official fix
10,778
In triage
1,257
Published soon
1
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Royal Elementor Addons
<= 1.7.1001
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
6.5
2 minutes ago
Ultimate Coming Soon & Maintenance
<= 1.0.9
Missing Authorization to Unauthenticated Template Activation vulnerability
5.3
4 minutes ago
Ultimate Coming Soon & Maintenance
<= 1.0.9
Missing Authorization to Authenticated (Subscriber+) Template Name Update vulnerability
4.3
4 minutes ago
Element Pack Elementor Addons
<= 5.10.2
Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget vulnerability
6.5
5 minutes ago
Essential Addons for Elementor
<= 6.1.12
Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget vulnerability
6.5
10 minutes ago
GPT3 AI Content Writer
<= 1.8.96
Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts vulnerability
7.2
11 minutes ago
cits-support-svg-webp-media-upload
<= 4.2
Cross-Site Request Forgery to Settings Update vulnerability
4.3
14 minutes ago
LazyTasks
<= 1.2.29
Missing Authorization to Uanuthenticated Privilege Escalation vulnerability
9.8
16 minutes ago
CRM Memberships
<= 2.5
Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint vulnerability
9.8
18 minutes ago
Featured Image from URL
<= 5.2.7
Authenticated (Admin+) SQL Injection vulnerability
7.6
34 minutes ago
Memberlite Shortcodes
<= 1.4
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
35 minutes ago
Cookie Notice & Compliance for GDPR / CCPA
<= 2.5.8
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
1 hour ago
VK All in One Expansion Unit
<= 9.112.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
1 hour ago
JetFormBuilder
<= 3.5.3
Missing Authorization to Unauthenticated Form Generation vulnerability
5.3
1 hour ago
Double the Donation
<= 3.0.0
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
5.9
1 hour ago
ELEX WordPress HelpDesk & Customer Ticketing System
<= 3.3.1
Missing Authorization to Authenticated (Subscriber+) Ticket Restore vulnerability
4.3
1 hour ago
ELEX WordPress HelpDesk & Customer Ticketing System
<= 3.3.1
Missing Authorization to Authenticated (Subscriber+) Trash Restore vulnerability
4.3
1 hour ago
Course Booking System
<= 6.1.5
Missing Authorization to Unauthenticated Booking Data Export vulnerability
5.3
2 hours ago
Return Refund and Exchange For WooCommerce
<= 4.5.5
Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation vulnerability
4.3
2 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System
<= 3.3.1
Missing Authorization to Authenticated (Subscriber+) Trash Empty vulnerability
4.3
2 hours ago
Load more