Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,670
Mitigations
Mitigation rules
14,811
No official patch
11,246
In triage
1,605
Published soon
0
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WP Travel Engine
<= 6.7.5
WordPress WP Travel Engine - Travel and Tour Booking Plugin plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode vulnerability
6.5
16 hours ago
ElementsKit Elementor addons Lite
<= 3.7.9
Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget vulnerability
6.5
16 hours ago
WCFM – Frontend Manager for WooCommerce
<= 6.7.25
WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation vulnerability
8.1
17 hours ago
Shortcodes Ultimate
<= 7.4.7
Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode vulnerability
6.5
17 hours ago
Shortcodes Ultimate
<= 7.4.8
authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode vulnerability
5.9
17 hours ago
Royal Elementor Addons
<= 1.7.1049
Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass vulnerability
6.5
17 hours ago
Simple Shopping Cart
<= 5.2.4
Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode vulnerability
6.5
17 hours ago
Xpro Elementor Addons
<= 1.4.20
WordPress Xpro Addons - 140+ Widgets for Elementor plugin <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
18 hours ago
Gutenverse
<= 3.4.6
WordPress Gutenverse - Ultimate WordPress FSE Blocks Addons & Ecosystem plugin <= 3.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'imageLoad' vulnerability
6.5
18 hours ago
Xpro Elementor Addons
<= 1.4.24
WordPress Xpro Addons - 140+ Widgets for Elementor plugin <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget vulnerability
6.5
18 hours ago
Spam Protect for Contact Form 7
< 1.2.10
Editor+ Remote Code Execution vulnerability
7.2
1 day ago
Perfmatters
<= 2.5.9.1
Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter vulnerability
8.1
1 day ago
MSTW League Manager
<= 2.10
Cross Site Scripting (XSS) vulnerability
6.5
2 days ago
Webmention
<= 5.6.2
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
6.4
2 days ago
MW WP Form
<= 5.1.0
Unauthenticated Arbitrary File Move via move_temp_file_to_upload_dir vulnerability
8.1
2 days ago
W3 Total Cache
<= 2.9.3
Unauthenticated Security Token Exposure via User-Agent Header vulnerability
7.5
2 days ago
Order Listener for WooCommerce
< 3.6.3
Unauthenticated WooCommerce REST Permission Bypass vulnerability
7.5
2 days ago
Webmention
<= 5.6.2
Unauthenticated Blind Server-Side Request Forgery vulnerability
5.4
2 days ago
Export All URLs
< 5.1
Unauthenticated Sensitive Data Exposure vulnerability
5.3
2 days ago
Query Monitor
<= 3.20.3
Reflected Cross-Site Scripting via Request URI vulnerability
7.1
3 days ago
Load more