Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,723
Mitigations
Mitigation rules
14,826
No official patch
11,213
In triage
1,630
Published soon
11
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WowPress
<= 1.0.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
13 minutes ago
Inquiry form to posts or pages
<= 1.0
Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field vulnerability
5.9
14 minutes ago
The Plus Addons for Elementor Page Builder Lite
<= 6.4.9
WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar vulnerability
6.5
16 minutes ago
Backup Migration
<= 2.0.0
Missing Authorization to Unauthenticated Backup Upload to Offline Storage vulnerability
5.3
16 minutes ago
Investi
<= 1.0.26
Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute vulnerability
6.5
17 minutes ago
Strong Testimonials
<= 3.2.21
Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode vulnerability
6.5
18 minutes ago
TableOn
<= 1.0.4.4
WordPress TableOn - WordPress Posts Table Filterable plugin <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute vulnerability
6.5
19 minutes ago
LTL Freight Quotes – R+L Carriers Edition
<= 3.3.13
WordPress LTL Freight Quotes - R+L Carriers Edition plugin <= 3.3.13 - Missing Authorization to Unauthenticated Settings Update vulnerability
5.3
23 minutes ago
MainWP Child Reports
<= 2.2.6
Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API vulnerability
5.3
24 minutes ago
Prime Slider – Addons For Elementor
<= 4.1.10
Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter vulnerability
5.9
25 minutes ago
LearnPress
<= 4.3.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute vulnerability
6.5
38 minutes ago
LatePoint
<= 5.3.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
39 minutes ago
WP jQuery Lightbox
<= 2.3.4
Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute vulnerability
6.5
41 minutes ago
PowerPress Podcasting
<= 11.15.15
Authenticated (Contributor+) Stored Cross-Site Scripting via powerpress and podcast Shortcodes vulnerability
6.5
43 minutes ago
Elementor Website Builder
<= 3.35.5
Authenticated (Contributor+) Stored Cross-Site Scripting via REST API vulnerability
6.5
44 minutes ago
Product Feed PRO for WooCommerce
13.4.6-13.5.2.1
Cross-Site Request Forgery vulnerability
8.8
45 minutes ago
Download Monitor
<= 5.1.10
Cross-Site Request Forgery to Download Path Deletion and Disabling vulnerability
4.3
48 minutes ago
Hustle
<= 7.8.10.2
WordPress Hustle - Email Marketing, Lead Generation, Optins, Popups plugin <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion Tracking Data Manipulation vulnerability
5.3
49 minutes ago
Smart Slider 3
<= 3.5.1.33
Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipulation vulnerability
5.4
52 minutes ago
Charitable
<= 1.8.9.7
Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook vulnerability
5.3
54 minutes ago
Load more