The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total38,584

MitigationsMitigation rules14,128

No official patch10,975

In triage1,272

Published soon10

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Smartsupp – live chat, chatbots, AI and lead generation<= 3.9.1 WordPress Smartsupp - live chat, AI shopping assistant and chatbots plugin <= 3.9.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability	6.5	8 hours ago
WooCommerce Checkout Manager<= 7.8.1 Unauthenticated Limited File Upload vulnerability	5.3	8 hours ago
Aruba HiSpeed Cache<= 3.0.2 Missing Authorization to Unauthenticated Plugin's Settings Modification vulnerability	6.5	10 hours ago
Aruba HiSpeed Cache<= 3.0.2 Reflected Cross-Site Scripting vulnerability	7.1	10 hours ago
Ultimate Member<= 2.11.1 Reflected Cross-Site Scripting via Filter Parameters vulnerability	7.1	10 hours ago
wpForo Forum<= 2.4.14 Unauthenticated Time-Based SQL Injection vulnerability	9.3	11 hours ago
WooCommerce Product Table Lite<= 4.6.2 Unauthenticated Time-Based SQL Injection via 'search' Parameter vulnerability	9.3	11 hours ago
Master Addons for Elementor<= 2.1.1 Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' vulnerability	6.5	18 hours ago
Quiz Maker<= 6.7.1.7 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	19 hours ago
Advanced AJAX Product Filters<= 3.1.9.6 Authenticated (Author+) PHP Object Injection via Live Composer Compatibility vulnerability	8.8	1 day ago
Brevo<= 3.3.0 Unauthenticated Authorization Bypass via Type Juggling vulnerability	6.5	1 day ago
Blog2Social<= 8.7.4 Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification vulnerability	6.5	1 day ago
Shield Security<= 21.0.8 Cross-Site Request Forgery to SQL Injection vulnerability	9.3	1 day ago
WooCommerce Checkout Manager<= 7.8.5 Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability	7.5	1 day ago
Prodigy Commerce<= 3.2.9 Unauthenticated Local File Inclusion via parameters[template_name] vulnerability	8.1	1 day ago
Orderable<= 1.20.0 Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability	8.8	1 day ago
Two Factor (2FA) Authentication via Email<= 1.9.8 Two-Factor Authentication Bypass via token vulnerability	6.5	1 day ago
Library Management System<= 3.2.1 Unauthenticated SQL Injection vulnerability	9.3	1 day ago
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent<= 4.1.2 Missing Authorization to Sensitive Information Exposure vulnerability	7.5	1 day ago
Video Conferencing with Zoom< 4.6.6 Unauthenticated SDK Signature Generation vulnerability	7.5	1 day ago