Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,279
Mitigations
Mitigation rules
14,022
No official fix
10,917
In triage
1,396
Published soon
0
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Media Library Folders
<= 8.3.6
Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename vulnerability
4.3
1 day ago
Essential Addons for Elementor
<= 6.5.9
Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget vulnerability
6.5
1 day ago
MP3 Audio Player for Music, Radio & Podcast by Sonaar
5.3-5.10
Authenticated (Author+) Server-Side Request Forgery vulnerability
5
1 day ago
Mail Mint
<= 1.19.2
Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability
7.6
1 day ago
Modula Image Gallery
<= 2.13.6
WordPress Modula Image Gallery - Photo Grid & Video Gallery plugin <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing vulnerability
4.3
1 day ago
myCred
<= 2.9.7.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode vulnerability
6.5
1 day ago
Link Hopper
<= 2.5
Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter vulnerability
5.9
1 day ago
Ravelry Designs Widget
<= 1.0.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute vulnerability
6.5
1 day ago
UpMenu
<= 3.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute vulnerability
6.5
1 day ago
collectchat
<= 2.4.8
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field vulnerability
6.5
1 day ago
Press3D
<= 1.0.2
Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability
5.9
1 day ago
Smart Forms
<= 2.6.99
Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure vulnerability
4.3
1 day ago
User Language Switch
<= 1.6.10
Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter vulnerability
5.9
1 day ago
User Language Switch
<= 1.6.10
Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter vulnerability
5.5
1 day ago
Payment Page
<= 1.4.6
Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter vulnerability
5.9
1 day ago
MDirector Newsletter
<= 4.5.8
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
1 day ago
MailChimp Campaigns
<= 3.2.4
Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection vulnerability
5.3
1 day ago
WP Quick Contact Us
<= 1.0
Cross-Site Request Forgery to Settings Update vulnerability
4.3
1 day ago
Best-wp-google-map
<= 2.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute vulnerability
6.5
1 day ago
Percent to Infograph
<= 1.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
1 day ago
Load more