Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
40,129
Mitigations
Mitigation rules
14,956
No official patch
11,322
In triage
1,371
Published soon
10
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Prismatic
<= 3.7.3
Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode vulnerability
7.1
3 hours ago
Livemesh Addons for Elementor
<= 9.0
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via Plugin Settings vulnerability
6.5
4 hours ago
Customer Reviews for WooCommerce
<= 5.101.0
Reflected Cross-Site Scripting via 'crsearch' vulnerability
7.1
4 hours ago
Product Pricing Table by WooBeWoo
<= 1.1.0
Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion vulnerability
7.1
4 hours ago
WP Docs
<= 2.2.9
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' vulnerability
6.5
4 hours ago
Form Maker by 10Web
<= 1.15.40
Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box vulnerability
7.1
4 hours ago
Riaxe Product Customizer
<= 2.1.2
Unauthenticated SQL Injection via 'options' Parameter Keys in product_data vulnerability
9.3
4 hours ago
Accessibility Suite
<= 4.20
Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter vulnerability
8.5
5 hours ago
AcyMailing SMTP Newsletter
9.11.0-10.8.1
WordPress AcyMailing plugin 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
8.8
5 hours ago
Riaxe Product Customizer
<= 2.1.2
Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action vulnerability
9.8
5 hours ago
Career Section
<= 1.6
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
8.6
5 hours ago
Redsys for WooCommerce Light
<= 7.0.0
Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation vulnerability
7.5
5 hours ago
Barcode Scanner with Inventory & Order Manager
<= 1.11.0
Unauthenticated Privilege Escalation via Insecure Token Authentication vulnerability
9.8
5 hours ago
PostX
<= 5.0.5
WordPress Post Grid Gutenberg Blocks for News, Magazines, Blog Websites - PostX plugin <= 5.0.5 - Missing Authorization to Limited Post Meta Modification vulnerability
5.3
11 hours ago
BetterDocs
<= 4.3.8
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
11 hours ago
Email Encoder Bundle
<= 2.4.4
WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode vulnerability
6.5
11 hours ago
Livemesh Addons for Elementor
<= 9.0
Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter vulnerability
8.8
14 hours ago
WP Maps
<= 4.8.7
WordPress WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode vulnerability
6.5
14 hours ago
OPEN-BRAIN
<= 0.5.0
Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability
5.9
14 hours ago
Basic Google Maps Placemarks
<= 1.10.7
Missing Authorization to Unauthenticated Default Map Coordinate Update vulnerability
5.3
14 hours ago
Load more