The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total37,495

MitigationsMitigation rules13,772

No official fix10,778

In triage1,257

Published soon1

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Qubely<= 1.8.12 Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability	6.5	Just now
Shortcodes and extra features for Phlox theme<= 2.17.0 Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes vulnerability	6.5	Just now
Royal Elementor Addons<= 1.7.1001 Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability	6.5	4 minutes ago
Ultimate Coming Soon & Maintenance<= 1.0.9 Missing Authorization to Unauthenticated Template Activation vulnerability	5.3	6 minutes ago
Ultimate Coming Soon & Maintenance<= 1.0.9 Missing Authorization to Authenticated (Subscriber+) Template Name Update vulnerability	4.3	6 minutes ago
Element Pack Elementor Addons<= 5.10.2 Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget vulnerability	6.5	7 minutes ago
Essential Addons for Elementor<= 6.1.12 Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget vulnerability	6.5	12 minutes ago
GPT3 AI Content Writer<= 1.8.96 Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts vulnerability	7.2	13 minutes ago
cits-support-svg-webp-media-upload<= 4.2 Cross-Site Request Forgery to Settings Update vulnerability	4.3	16 minutes ago
LazyTasks<= 1.2.29 Missing Authorization to Uanuthenticated Privilege Escalation vulnerability	9.8	19 minutes ago
CRM Memberships<= 2.5 Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint vulnerability	9.8	20 minutes ago
Featured Image from URL<= 5.2.7 Authenticated (Admin+) SQL Injection vulnerability	7.6	36 minutes ago
Memberlite Shortcodes<= 1.4 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	37 minutes ago
Cookie Notice & Compliance for GDPR / CCPA<= 2.5.8 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	1 hour ago
VK All in One Expansion Unit<= 9.112.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 hour ago
JetFormBuilder<= 3.5.3 Missing Authorization to Unauthenticated Form Generation vulnerability	5.3	1 hour ago
Double the Donation<= 3.0.0 Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	5.9	1 hour ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.1 Missing Authorization to Authenticated (Subscriber+) Ticket Restore vulnerability	4.3	1 hour ago
ELEX WordPress HelpDesk & Customer Ticketing System<= 3.3.1 Missing Authorization to Authenticated (Subscriber+) Trash Restore vulnerability	4.3	1 hour ago
Course Booking System<= 6.1.5 Missing Authorization to Unauthenticated Booking Data Export vulnerability	5.3	2 hours ago