The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total49,437
Mitigations15,968
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
@tak-ps/cloudtak< 13.10.0
NPM: CloudTAK: Authenticated full-read SSRF in the /api/esri* routes — user-controlled URL fetched with no IP-classification guard
7.6
23 hours ago
exifreader<= 4.40.0
NPM: ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes
5.3
1 day ago
@prompty/core>= 2.0.0-alpha.1, < 2.0.0-beta.3
NPM: Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader
8.7
1 day ago
@prompty/core<= 2.0.0-beta.1
NPM: Prompty: Arbitrary file read via file reference expansion
7.5
1 day ago
mcp-memory-keeper< 0.13.0
NPM: mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath
6.2
1 day ago
@tak-ps/cloudtak<= 13.5.0
NPM: TAK-PS-Stats Web UI: Authenticated full-read SSRF in CloudTAK basemap import (PUT /api/basemap) — no IP-classification guard
5
1 day ago
WordPress<= 7.0.1
Unauthenticated REST API Batch Request Handler Confusion
9.1
1 day ago
WordPress<= 7.0.1
Unauthenticated SQL Injection vulnerability
9.8
1 day ago
rtMedia for WordPress, BuddyPress and bbPress<= 4.6.18
SQL Injection vulnerability
8.5
1 day ago
SureForms<= 2.2.1
Broken Access Control vulnerability
7.5
1 day ago
Booking calendar, Appointment Booking System<= 3.2.17
SQL Injection vulnerability
9.3
1 day ago
Ultimate Member<= 2.10.1
SQL Injection vulnerability
9.3
1 day ago
GEO my WordPress<= 4.5.4
Unauthenticated SQL Injection vulnerability
9.3
1 day ago
Under Construction<= 5.76
Arbitrary File Download vulnerability
6.5
1 day ago
WordPress Social Login and Register<= 7.7.0
Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability
9.8
1 day ago
Sprout Clients<= 3.2.3
Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
Autopay dla WooCommerce<= 2.2.27
Broken Access Control vulnerability
6.5
2 days ago
Download Monitor - WPForms Lock<= 1.0.4
WordPress Download Monitor - WPForms Lock plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
TrueBooker<= 1.2.3
SQL Injection vulnerability
9.3
2 days ago
Bookly<= 27.7
SQL Injection vulnerability
9.3
2 days ago