Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
48,670
Mitigations
Mitigation rules
15,692
No official patch
12,993
In triage
1,426
Published soon
38
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
User Registration
<= 5.2.0
Missing Authorization to Unauthenticated Payment Bypass vulnerability
6.5
2 hours ago
neotoma
>= 0.13.0, < 0.14.0
NPM: neotoma has tenant isolation gap in relationship query endpoints
0.6
16 hours ago
i18next-fs-backend
< 2.6.6
NPM: i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string
9.1
17 hours ago
i18next-http-middleware
< 3.9.7
NPM: i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names
9.1
17 hours ago
OMGF Pro
<= 5.2.6
Arbitrary File Upload vulnerability
10
17 hours ago
@anthropic-ai/claude-code
>= 2.1.59, < 2.1.128
NPM: @anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write
4.4
17 hours ago
Groundhogg
<= 4.5.4
Authenticated (Custom+) SQL Injection vulnerability
8.5
21 hours ago
WPCafe
<= 3.0.14
Broken Access Control vulnerability
4.3
1 day ago
Cornerstone
< 7.8.8
Subscriber+ Arbitrary User Password Hash Disclosure vulnerability
6.5
1 day ago
Post Duplicator
< 3.0.15
Contributor+ PHP Object Injection via customMetaData vulnerability
8.8
1 day ago
Frontend File Manager
<= 23.6
Subscriber+ Stored Cross-Site Scripting via File Rename vulnerability
6.5
1 day ago
Elementor Website Builder
<= 4.1.3
Sensitive Data Exposure vulnerability
6.5
1 day ago
Neve PRO
<= 3.1.2
Cross Site Scripting (XSS) vulnerability
6.5
1 day ago
SeedProd Pro
< 6.19.5
Cross Site Scripting (XSS) vulnerability
6.5
1 day ago
Featured Image
<= 2.1
Cross Site Scripting (XSS) vulnerability
6.5
1 day ago
Slick Popup
<= 1.7.15
Cross Site Scripting (XSS) vulnerability
6.5
1 day ago
Simple Basic Contact Form
<= 20250114
Reflected XSS vulnerability
7.1
1 day ago
Infility Global
< 2.15.19
Subscriber+ SQL Injection via order Parameter vulnerability
8.5
1 day ago
Tourfic
<= 2.22.7
Unauthenticated SQL Injection vulnerability
9.3
1 day ago
SEOPress PRO
<= 9.1.1
Broken Access Control vulnerability
4.3
1 day ago
Load more