Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
49,414
Mitigations
Mitigation rules
15,946
No official patch
13,065
In triage
1,352
Published soon
1
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
SEO Plugin by Squirrly SEO
<= 14.0.0
Unauthenticated Arbitrary Post Creation and Stored Cross-Site Scripting vulnerability
7.2
1 minute ago
wpForo Forum
<= 3.1.1
Cross Site Scripting (XSS) vulnerability
6.5
20 minutes ago
Motors
<= 1.4.112
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
25 minutes ago
Majestic Support
<= 1.1.9
SQL Injection vulnerability
8.5
41 minutes ago
Simple JWT Login
<= 3.6.6
Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation vulnerability
8.8
47 minutes ago
SureCart
<= 4.2.3
Unauthenticated Linked WordPress Account Takeover vulnerability
8.1
57 minutes ago
Instant Appointment
<= 1.2
Unauthenticated Arbitrary File Upload vulnerability
10
1 hour ago
WP Ultimate CSV Importer
<= 8.0.1
Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability
10
1 hour ago
@andrea9293/mcp-documentation-server
1.13.0
NPM: @andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default
8.8
8 hours ago
systeminformation
<= 5.31.6
NPM: systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
8.7
9 hours ago
dd-trace
< 5.100.0
NPM: dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS
7.5
9 hours ago
websocket-driver
< 0.7.5
NPM: websocket-driver: Resource limit bypass via message compression
6.3
10 hours ago
websocket-driver
< 0.7.5
NPM: websocket-driver: Message corruption via abuse of protocol length headers
9.2
10 hours ago
obsidian-local-rest-api
< 4.1.3
NPM: obsidian-local-rest-api: Authenticated path traversal via URL-encoded %2F in /vault/{path} — arbitrary host file read/write/delete
8.8
10 hours ago
n8n-mcp
<= 2.57.3
NPM: n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode
4.2
1 day ago
tidgi
<= 0.13.0
NPM: TidGi Desktop Remote Code Execution via Malicious TiddlyWiki Repository Import — Tiddler Startup Module Auto-Execution
9.6
1 day ago
@feathersjs/commons
<= 5.0.44
NPM: Prototype pollution in @feathersjs/commons _.merge via JSON-parsed __proto__
3.7
1 day ago
n8n-mcp
<= 2.56.0
NPM: n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments
9.9
1 day ago
@fedify/fedify
>= 0.11.2, < 1.9.12
NPM: Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges
8.6
1 day ago
@fedify/vocab-runtime
< 2.0.19
NPM: Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges
8.6
1 day ago
Load more