The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total49,426
Mitigations15,959
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
Planyo online reservation system<= 3.0
Unauthenticated Server-Side Request Forgery vulnerability
7.2
6 hours ago
Form Vibes – Database Manager for Forms<= 1.5.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
6 hours ago
WP Hotel Booking<= 2.3.1
Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability
5.3
7 hours ago
Code Engine<= 0.3.5
Authenticated (Contributor+) Remote Code Execution vulnerability
9.9
7 hours ago
Essential Addons for Elementor<= 6.6.10
Authenticated (Contributor+) Account Takeover vulnerability
8.8
7 hours ago
SEO Plugin by Squirrly SEO<= 14.0.0
Unauthenticated Arbitrary Post Creation and Stored Cross-Site Scripting vulnerability
7.2
10 hours ago
wpForo Forum<= 3.1.1
Cross Site Scripting (XSS) vulnerability
6.5
10 hours ago
Motors<= 1.4.112
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
10 hours ago
Majestic Support<= 1.1.9
SQL Injection vulnerability
8.5
10 hours ago
Simple JWT Login<= 3.6.6
Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation vulnerability
8.8
10 hours ago
SureCart<= 4.2.3
Unauthenticated Linked WordPress Account Takeover vulnerability
8.1
10 hours ago
Instant Appointment<= 1.2
Unauthenticated Arbitrary File Upload vulnerability
10
11 hours ago
WP Ultimate CSV Importer<= 8.0.1
Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability
10
11 hours ago
@andrea9293/mcp-documentation-server1.13.0
NPM: @andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default
8.8
18 hours ago
systeminformation<= 5.31.6
NPM: systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
8.7
19 hours ago
dd-trace< 5.100.0
NPM: dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS
7.5
19 hours ago
websocket-driver< 0.7.5
NPM: websocket-driver: Resource limit bypass via message compression
6.3
20 hours ago
websocket-driver< 0.7.5
NPM: websocket-driver: Message corruption via abuse of protocol length headers
9.2
20 hours ago
obsidian-local-rest-api< 4.1.3
NPM: obsidian-local-rest-api: Authenticated path traversal via URL-encoded %2F in /vault/{path} — arbitrary host file read/write/delete
8.8
20 hours ago
n8n-mcp<= 2.57.3
NPM: n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode
4.2
1 day ago