The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,332

Mitigation rules13,159

No official fix9,860

In triage1,658

Published soon5

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Flex QR Code Generator<= 1.2.6 Unauthenticated Arbitrary File Upload vulnerability	10	6 minutes ago
10Web Booster – Website speed optimization, Cache & Page Speed optimizer<= 2.32.7 Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache vulnerability	9.6	10 minutes ago
WPKoi Templates for Elementor<= 3.4.4 Broken Access Control vulnerability	4.3	2 days ago
Canadian Nutrition Facts Label<= 3.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Nutrition Label Custom Post Type vulnerability	6.5	2 days ago
Social Feed Gallery Portfolio<= 1.3 Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability	6.5	2 days ago
CodeConfig Accessibility<= 1.0.0 Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability	5.4	2 days ago
RevInsite<= 1.1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	2 days ago
Extra Post Images<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	2 days ago
Cute News Ticker<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability	6.5	2 days ago
g-FFL Cockpit<= 1.7.1 Improper Authorization to Unauthenticated Product Deletion vulnerability	5.3	2 days ago
CSS3 Buttons<= 0.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	2 days ago
List Attachments Shortcode<= 0.4.1a Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode vulnerability	5.9	2 days ago
WP Landing Page<= 0.9.3 Cross-Site Request Forgery to Arbitrary Post Meta Update vulnerability	4.3	2 days ago
Listar – Directory Listing & Classifieds<= 3.0.0 Missing Authorization to Authenticated (Subscriber+) Listing Update vulnerability	5.4	2 days ago
Helloprint<= 2.1.2 Missing Authorization to Unauthenticated Arbitrary Order Status Modification vulnerability	5.3	2 days ago
Search, Filters & Merchandising for WooCommerce<= 3.0.63 Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation vulnerability	5.4	2 days ago
Ultra Skype Button<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute vulnerability	6.5	2 days ago
TR Timthumb<= 1.0.4 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	2 days ago
Yet Another WebClap for WordPress<= 0.2 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	2 days ago
weDocs<= 2.1.14 Missing Authorization to Settings Update vulnerability	5.4	2 days ago