Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,483
Mitigations
Mitigation rules
14,089
No official fix
10,956
In triage
1,240
Published soon
31
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WP RSS Aggregator
<= 5.0.10
Reflected Cross-Site Scripting via 'template' Parameter vulnerability
7.1
7 minutes ago
FluentForm
<= 5.1.19
Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields vulnerability
6.5
31 minutes ago
LiquidPoll
<= 3.3.78
Unauthenticated Stored Cross-Site Scripting via form_data Parameter vulnerability
7.1
32 minutes ago
ARForms Form Builder
<= 1.5.8
Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability
7.1
34 minutes ago
Formidable Forms
<= 6.7
HTML Injection vulnerability
6.5
36 minutes ago
tagDiv Composer
<= 5.0
Reflected Cross-Site Scripting via envato_code[] vulnerability
7.1
36 minutes ago
Premmerce
<= 1.3.20
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint vulnerability
6.5
36 minutes ago
Subitem AL Slider
<= 1.0.0
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
40 minutes ago
Product Addons for Woocommerce
<= 3.1.0
WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability
7.2
41 minutes ago
Download Manager
<= 3.3.46
Reflected Cross-Site Scripting via 'redirect_to' Parameter vulnerability
7.1
1 hour ago
ShopLentor
<= 3.3.2
Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action vulnerability
8.6
1 hour ago
Rent Fetch
<= 0.32.6
Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability
7.1
1 hour ago
WPNakama
<= 0.6.5
Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability
9.3
1 hour ago
Taskbuilder
<= 5.0.2
Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters vulnerability
8.5
1 hour ago
Business Directory
<= 6.4.21
Unauthenticated SQL Injection via payment Parameter vulnerability
9.3
2 hours ago
RegistrationMagic
<= 6.0.6.9
WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment vulnerability
5.3
8 hours ago
Complianz
<= 7.4.3
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
8 hours ago
User Submitted Posts
<= 20260113
Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability
5.3
8 hours ago
Video Share VOD
<= 2.7.11
Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability
6.5
8 hours ago
SiteOrigin Widgets Bundle
<= 1.70.4
Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
5.4
8 hours ago
Load more