The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total46,895

MitigationsMitigation rules15,211

No official patch13,394

In triage1,547

Published soon10

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Royal Elementor Addons<= 1.7.1058 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	3 hours ago
User Registration<= 5.1.5 Unauthenticated Missing Authorization to Admin Approval Bypass vulnerability	5.3	3 hours ago
MW WP Form<= 5.1.2 Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability	5.3	3 hours ago
CC Child Pages<= 2.1.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	3 hours ago
Bold Page Builder<= 5.6.8 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	5 hours ago
Meta Field Block<= 1.5.2 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	5 hours ago
Media Sync<= 1.4.9 Authenticated (Author+) Path Traversal vulnerability	6.5	5 hours ago
LatePoint<= 5.3.2 Cross-Site Request Forgery vulnerability	4.3	5 hours ago
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content<= 7.8.5.10 One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin <= 7.8.5.10 - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering vulnerability	5.4	6 hours ago
LearnPress<= 4.3.5 Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment vulnerability	4.3	8 hours ago
Envira Photo Gallery<= 1.12.4 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	8 hours ago
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0.7 Authenticated (Contributor+) SQL Injection vulnerability	8.5	9 hours ago
ACF Extended<= 0.9.2.3 Unauthenticated Arbitrary Shortcode Execution vulnerability	6.5	11 hours ago
Google Analytics by Monster Insights<= 10.1.2 Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset vulnerability	7.1	11 hours ago
Custom Twitter Feeds (Tweets Widget)<= 2.5.4 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	12 hours ago
ProfileGrid <= 5.9.8.4 Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining vulnerability	7.1	12 hours ago
Fusion Builder<= 3.15.1 Unauthenticated SQL Injection vulnerability	9.3	12 hours ago
Fusion Builder<= 3.15.2 Authenticated (Subscriber+) Arbitrary File Read vulnerability	6.5	12 hours ago
Court Reservation<= 1.10.11 Unauthenticated SQL Injection vulnerability	9.3	13 hours ago
coreActivity: Activity Logging plugin for WordPress<= 3.0 Unauthenticated PHP Object Injection vulnerability	8.1	13 hours ago