The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 39,407
Mitigation rules: 14,671
No official patch: 11,207
In triage: 1,321
Published soon: 51
Affected software | Versions | Vulnerability | Risk | Disclosed
Contact List | <= 3.0.18 | Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter vulnerability | 6.5 | 36 minutes ago
Keep Backup Daily | <= 2.1.2 | Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title vulnerability | 5.9 | 39 minutes ago
Keep Backup Daily | <= 2.1.1 | Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter vulnerability | 2.7 | 44 minutes ago
Alt Manager | <= 1.8.2 | Authenticated (Author+) Stored Cross-Site Scripting via Post Title vulnerability | 5.9 | 55 minutes ago
KiviCare | <= 4.1.2 | WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability | 9.8 | 11 hours ago
KiviCare | <= 4.1.2 | Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard vulnerability | 8.2 | 11 hours ago
Post SMTP | <= 3.8.0 | Unauthenticated Stored Cross-Site Scripting via 'event_type' vulnerability | 7.1 | 11 hours ago
Slimstat Analytics | <= 5.3.5 | Unauthenticated Stored Cross-Site Scripting via 'fh' vulnerability | 7.1 | 11 hours ago
Restrict Content | <= 3.2.24 | WordPress Membership Plugin - Restrict Content plugin <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect vulnerability | 4.3 | 11 hours ago
Simply Schedule Appointments | <= 1.6.10.0 | Unauthenticated SQL Injection via 'fields' Parameter vulnerability | 9.3 | 11 hours ago
Aimogen Pro | <= 2.7.5 | Unauthenticated Privilege Escalation via Arbitrary Function Call vulnerability | 9.8 | 12 hours ago
ilGhera Carta Docente for WooCommerce | <= 1.5.0 | Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter vulnerability | 6.5 | 19 hours ago
CM Custom WordPress Reports and Analytics | <= 1.2.7 | Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels vulnerability | 5.9 | 19 hours ago
RockPress | <= 1.0.17 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions vulnerability | 5.4 | 19 hours ago
Instant Popup Builder | <= 1.1.7 | Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter vulnerability | 5.3 | 22 hours ago
Add Custom Fields to Media | <= 2.0.3 | Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter vulnerability | 4.3 | 23 hours ago
Draft List | <= 2.6.2 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter vulnerability | 5.9 | 23 hours ago
Download Manager | <= 3.3.49 | Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter vulnerability | 4.3 | 23 hours ago
Info Cards | <= 2.0.7 | Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes vulnerability | 6.5 | 23 hours ago
NextGEN Gallery | <= 4.0.4 | WordPress Photo Gallery, Sliders, Proofing and Themes - NextGEN Gallery plugin <= 4.0.4 - Authenticated (Author+) Local File Inclusion vulnerability | 7.2 | 23 hours ago