The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 37,071
Mitigations: 13,666
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| User Submitted Posts <= 20251210 | WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability | 7.1 | 6 hours ago |
| Metform <= 4.1.0 | WordPress MetForm - Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value vulnerability | 3.7 | 6 hours ago |
| JustClick registration plugin <= 0.1 | Reflected Cross-Site Scripting via PHP_SELF vulnerability | 7.1 | 6 hours ago |
| Frontis Blocks <= 1.1.6 | Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability | 7.2 | 6 hours ago |
| Kalrav AI Agent <= 2.3.3 | Unauthenticated Arbitrary File Upload via kalrav_upload_file AJAX Action vulnerability | 10 | 7 hours ago |
| WP Term Order <= 2.1.0 | Cross Site Request Forgery (CSRF) vulnerability | 4.3 | 2 days ago |
| WP Job Portal <= 2.4.3 | Insecure Direct Object References (IDOR) vulnerability | 4.3 | 2 days ago |
| Materialis Companion <= 1.3.52 | Broken Access Control vulnerability | 4.3 | 2 days ago |
| HD Quiz <= 2.0.9 | Broken Access Control vulnerability | 4.3 | 2 days ago |
| Moderate Selected Posts <= 1.4 | Cross-Site Request Forgery to Plugin Settings Update vulnerability | 4.3 | 2 days ago |
| All-in-One Video Gallery 4.1.0-4.6.4 | Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update vulnerability | 5.4 | 2 days ago |
| CM CSS Columns <= 1.2.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Shortcode Attribute vulnerability | 6.5 | 2 days ago |
| AdminQuickbar <= 1.9.3 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 2 days ago |
| Canto Testimonials <= 1.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability | 6.5 | 2 days ago |
| GZSEO <= 2.0.11 | Authenticated (Contributor+) Authorization Bypass to Stored Cross-Site Scripting vulnerability | 6.5 | 2 days ago |
| WP-ClanWars <= 2.0.1 | Authenticated (Administrator+) SQL Injection via 'orderby' Parameter vulnerability | 7.6 | 2 days ago |
| Login Page Editor <= 1.2 | Cross-Site Request Forgery to Settings Update vulnerability | 4.3 | 2 days ago |
| ThemeRuby Multi Authors <= 1.0.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' and 'after' Shortcode Attributes vulnerability | 6.5 | 2 days ago |
| Wizit Gateway for WooCommerce <= 1.2.9 | Missing Authentication to Unauthenticated Arbitrary Order Cancellation vulnerability | 5.3 | 2 days ago |
| Set Bulk Post Categories <= 1.1 | Cross-Site Request Forgery to Bulk Post Category Update vulnerability | 4.3 | 2 days ago |