Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
48,062
Mitigations
Mitigation rules
15,582
No official patch
12,952
In triage
1,536
Published soon
41
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
Dokan
<= 5.0.3
Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification vulnerability
4.3
13 hours ago
Optimole
<= 4.2.6
Cross-Site Request Forgery vulnerability
4.3
1 day ago
FireBox
<= 3.1.7
Unauthenticated Sensitive Information Exposure in 'form_id' Parameter vulnerability
5.3
1 day ago
myCred
<= 3.1
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
Permalink Manager Lite
<= 2.5.3.3
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
WooCommerce Stripe Payment Gateway
<= 10.7.0
Missing Authorization to Unauthenticated Order Status Manipulation vulnerability
6.5
1 day ago
User Private Files
<= 2.1.6
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
WP Review Slider Pro
<= 12.6.8
Authenticated (Subscriber+) SQL Injection vulnerability
8.5
1 day ago
WP Review Slider Pro
<= 12.6.8
Authenticated (Subscriber+) SQL Injection vulnerability
8.5
1 day ago
WP Review Slider Pro
<= 12.6.8
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
7.7
1 day ago
Premmerce Dev Tools
<= 2.0
Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability
8.8
1 day ago
Counter Box
<= 2.0.13
Authenticated (Administrator+) PHP Object Injection vulnerability
7.2
2 days ago
RTMKit
<= 2.0.7
Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access vulnerability
6.5
2 days ago
Static Block
<= 2.2
Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability
4.3
2 days ago
Abandoned Contact Form 7
<= 2.2
Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability
5.3
2 days ago
Video Conferencing with Zoom
<= 4.6.7
Missing Authorization to Unauthenticated Zoom SDK Credential Exposure vulnerability
5.3
2 days ago
Pods
<= 3.3.8
Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
Media LIbrary Assistant
<= 3.35
Reflected Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
JetEngine
<= 3.8.10.1
SQL Injection vulnerability
9.3
2 days ago
Envira Photo Gallery
<= 1.12.5
Broken Access Control vulnerability
6.5
2 days ago
Load more