The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 36,863
Mitigation rules: 13,627
No official fix: 10,547
In triage: 1,244
Published soon: 44
Affected software | Version | Vulnerability | Risk | Disclosed
LA-Studio Element Kit for Elementor | <= 1.5.6.3 | Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter vulnerability | 9.8 | 6 hours ago
Photo Gallery by 10Web | <= 1.8.36 | Missing Authorization to Unauthenticated Arbitrary Comment Deletion vulnerability | 5.3 | 13 hours ago
NotificationX | <= 3.2.0 | Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' vulnerability | 7.1 | 17 hours ago
Nexter Extension | <= 4.4.6 | WordPress Nexter Extension - Site Enhancements Toolkit plugin <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' vulnerability | 9.8 | 18 hours ago
Academy LMS | <= 3.5.0 | Privilege Escalation vulnerability | 9.8 | 18 hours ago
Bookingor | <= 1.0.12 | Subscriber+ Category Deletion vulnerability | 5.4 | 1 day ago
FlatPM | <= 3.2.2 | WordPress FlatPM - Ad Manager, AdSense and Custom Code plugin <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta vulnerability | 6.5 | 1 day ago
Head Meta Data | <= 20251118 | Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability | 6.5 | 1 day ago
NotificationX | <= 3.1.11 | Missing Authorization to Authenticated (Contributor+) Analytics Reset vulnerability | 5.4 | 1 day ago
Creator LMS | <= 1.1.12 | WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update vulnerability | 8.8 | 1 day ago
The Events Calendar | <= 6.15.13 | Missing Authorization to Authenticated (Subscriber+) Data Migration Control vulnerability | 5.4 | 1 day ago
Tutor LMS | <= 3.9.4 | WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion vulnerability | 5.4 | 1 day ago
Advanced Custom Fields: Extended | <= 0.9.2.1 | Unauthenticated Privilege Escalation via Insert User Form Action vulnerability | 9.8 | 1 day ago
Koko Analytics | <= 2.1.2 | SQL Injection vulnerability | 6.9 | 1 day ago
Custom Fonts – Host Your Fonts Locally | <= 2.1.16 | WordPress Custom Fonts - Host Your Fonts Locally plugin <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion vulnerability | 6.5 | 1 day ago
E-xact Hosted Payment | <= 2.0 | Unauthenticated Arbitrary File Deletion vulnerability | 8.6 | 1 day ago
Dokan | <= 4.2.4 | Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosure vulnerability | 8.1 | 1 day ago
Viet contact | <= 1.3.2 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability | 5.9 | 2 days ago
WP Hello Bar | <= 1.02 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'digit_one' and 'digit_two' Parameters vulnerability | 5.9 | 2 days ago
weMail | <= 2.0.7 | Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability | 5.3 | 2 days ago