The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total34,943

Mitigation rules12,994

No official fix9,752

In triage1,269

Published soon4

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Pixel Manager for WooCommerce<= 1.49.2 Unauthenticated Information Exposure vulnerability	5.3	16 hours ago
Icon List Block<= 1.2.1 Authenticated (Subscriber+) Server-Side Request Forgery vulnerability	6.4	16 hours ago
AI Engine<= 3.1.8 Authenticated (Editor+) Server-Side Request Forgery vulnerability	5.5	16 hours ago
WP Duplicate Page<= 1.7 Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability	4.3	16 hours ago
WP Migrate Lite<= 2.7.6 Unauthenticated Blind Server-Side Request Forgery vulnerability	7.2	16 hours ago
Enable SVG, WebP & ICO Upload<= 1.1.2 Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass vulnerability	9.1	16 hours ago
Enable SVG, WebP & ICO Upload<= 1.1.2 Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploads vulnerability	5.9	16 hours ago
Element Pack Elementor Addons<= 8.3.4 Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget vulnerability	6.5	16 hours ago
Live sales notification for WooCommerce<= 2.3.39 Missing Authorization to Unauthenticated Customer Data Exposure vulnerability	7.5	16 hours ago
Cryptocurrency Payment Gateway for WooCommerce<= 2.0.22 Missing Authorization to Unauthenticated Tracking Status Update vulnerability	5.3	20 hours ago
Restrictions for BuddyPress<= 1.5.2 Missing Authorization to Unauthenticated Tracking Status Update vulnerability	5.3	20 hours ago
Simple User Import Export<= 1.1.7 Authenticated (Admin+) CSV Injection vulnerability	6.6	21 hours ago
WP Twitter Auto Publish<= 1.7.3 Reflected Cross-Site Scripting via PostMessage vulnerability	7.1	21 hours ago
Meta Display Block<= 1.0.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	21 hours ago
Photonic Gallery & Lightbox for Flickr, SmugMug & Others<= 3.21 Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Attribute vulnerability	6.5	21 hours ago
Broken Link Checker<= 1.2.5 Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing vulnerability	5.4	21 hours ago
Checkout Files Upload for WooCommerce<= 2.2.1 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	21 hours ago
Gutenify<= 1.5.9 WordPress Gutenify - Visual Site Builder Blocks & Site Templates plugin <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block vulnerability	6.5	21 hours ago
Coil Web Monetization<= 2.0.2 Cross-Site Request Forgery vulnerability	4.3	21 hours ago
ACF Flexible Layouts Manager<= 1.1.6 Missing Authorization to Unauthenticated Custom Field Update vulnerability	6.5	21 hours ago