The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 37,956
Mitigations: 13,846
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| SportsPress – Sports Club & League Manager <= 2.7.26 | Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability | 8.8 | 4 hours ago |
| Code Explorer <= 1.4.6 | Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter vulnerability | 4.9 | 4 hours ago |
| Fortis for WooCommerce <= 1.2.0 | Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint vulnerability | 5.3 | 4 hours ago |
| All push notification for WP <= 1.5.3 | Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter vulnerability | 7.6 | 4 hours ago |
| WP Content Permission <= 1.2 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter vulnerability | 5.9 | 5 hours ago |
| Magic Import Document Extractor <= 1.0.4 | Unauthenticated Sensitive Information Exposure vulnerability | 5.3 | 5 hours ago |
| Chapa Payment Gateway Plugin for WooCommerce <= 1.0.3 | Unauthenticated Sensitive Information Exposure vulnerability | 5.3 | 5 hours ago |
| Magic Import Document Extractor <= 1.0.4 | Missing Authorization to Unauthenticated Plugin License Status Modification vulnerability | 5.3 | 5 hours ago |
| Xendit Payment <= 6.0.2 | Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid vulnerability | 5.3 | 5 hours ago |
| SIBS woocommerce payment gateway <= 2.2.0 | WordPress SIBS - WooCommerce plugin <= 2.2.0 - Authenticated (Admin+) SQL Injection via 'referencedId' Parameter vulnerability | 7.6 | 5 hours ago |
| Extended Random Number Generator <= 1.1 | Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability | 5.9 | 5 hours ago |
| Menu Icons by ThemeIsle <= 0.13.20 | Authenticated (Author+) Stored Cross-Site Scripting vulnerability | 5.9 | 5 hours ago |
| Tutor LMS <= 3.9.5 | Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion vulnerability | 8.1 | 5 hours ago |
| ACF Quick Edit Fields <= 3.2.2 | Authenticated (Contributor+) Insecure Direct Object Reference vulnerability | 6.5 | 7 hours ago |
| Paid Memberships Pro <= 2.12.7 | Cross-Site Request Forgery to Level Orders Update vulnerability | 4.3 | 13 hours ago |
| Awesome Support <= 6.1.7 | WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.1.7 - Missing Authorization via editor_html() vulnerability | 5.3 | 13 hours ago |
| Royal Elementor Addons <= 1.3.87 | Missing Authorization via wpr_update_form_action_meta vulnerability | 5.3 | 13 hours ago |
| Royal Elementor Addons <= 1.3.87 | Cross-Site Request Forgery via add_to_compare vulnerability | 4.3 | 13 hours ago |
| Royal Elementor Addons <= 1.3.87 | Cross-Site Request Forgery via remove_from_compare vulnerability | 4.3 | 13 hours ago |
| Royal Elementor Addons <= 1.3.87 | Cross-Site Request Forgery via remove_from_wishlist vulnerability | 4.3 | 13 hours ago |