The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 39,951
Mitigation rules: 14,874
No official patch: 11,337
In triage: 1,401
Published soon: 49
Affected software | Vulnerability | Risk | Disclosed
Blog2Social <= 8.8.3 | Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter vulnerability | 4.3 | 1 day ago
Awesome Support <= 6.3.7 | Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter vulnerability | 5.3 | 1 day ago
Masteriyo - LMS <= 2.1.7 | Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint vulnerability | 5.3 | 1 day ago
WP Blockade <= 0.9.14 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter vulnerability | 6.5 | 1 day ago
Pinterest Site Verification plugin using Meta Tag <= 1.8 | Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var' vulnerability | 6.5 | 1 day ago
Gravity Forms <= 2.9.30 | Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field vulnerability | 7.1 | 1 day ago
Gravity Forms <= 2.9.30 | Reflected Cross-Site Scripting via 'form_ids' Parameter vulnerability | 7.1 | 1 day ago
Popup box < 5.5.0 | Admin+ Stored Cross-Site Scripting (XSS) via CSRF vulnerability | 7.1 | 1 day ago
Attendance Manager <= 0.6.2 | Authenticated (Subscriber+) SQL Injection via 'attmgr_off' Parameter vulnerability | 8.5 | 1 day ago
SQL Chart Builder < 2.3.8 | Unauthenticated SQL Injection vulnerability | 9.3 | 1 day ago
DSGVO Google Web Fonts GDPR <= 1.1 | Unauthenticated Arbitrary File Upload via 'fonturl' Parameter vulnerability | 10 | 1 day ago
Users manager – PN <= 1.1.15 | WordPress Users manager - PN plugin <= 1.1.15 - Unauthenticated Privilege Escalation via Account Takeover via 'userspn_form_save' AJAX Action vulnerability | 9.8 | 1 day ago
Everest Forms <= 3.4.3 | Unauthenticated PHP Object Injection via Form Entry Metadata vulnerability | 9.8 | 1 day ago
Smart Slider 3 PRO 3.5.1.35 | Backdoor vulnerability | 10 | 1 day ago
WP Visitor Statistics (Real Time Traffic) <= 8.4 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'height' Shortcode Attribute vulnerability | 6.5 | 1 day ago
Magic Conversation For Gravity Forms <= 3.0.97 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 1 day ago
Element Pack Elementor Addons <= 8.4.2 | Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget vulnerability | 6.5 | 1 day ago
Whole Enquiry Cart for WooCommerce <= 1.2.1 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'woowhole_success_msg' Parameter vulnerability | 5.9 | 1 day ago
pz-frontend-manager <= 1.0.6 | Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter vulnerability | 5.3 | 1 day ago
AM LottiePlayer <= 3.6.0 | Authenticated (Author+) Stored Cross-Site Scripting via SVG vulnerability | 5.9 | 1 day ago