Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
36,627
Mitigations
Mitigation rules
13,460
No official fix
10,481
In triage
881
Published soon
32
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
User Registration
<= 4.4.8
Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability
4.3
3 hours ago
Templately
<= 3.4.8
Unauthenticated Limited Arbitrary JSON File Write vulnerability
5.3
3 hours ago
miniOrange OTP Verification and SMS Notification for WooCommerce
<= 4.3.8
Missing Authorization to Unauthenticated Notification Settings Modification vulnerability
5.3
3 hours ago
Blog2Social
<= 8.7.2
Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
4.3
3 hours ago
Autogen Headers Menu
<= 1.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter vulnerability
6.5
4 hours ago
Woodpecker for WordPress
<= 3.0.4
Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute vulnerability
6.5
4 hours ago
PullQuote
<= 1.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
4 hours ago
Lesson Plan Book
<= 1.3
Reflected Cross-Site Scripting vulnerability
7.1
16 hours ago
MG AdvancedOptions
<= 1.2
Reflected Cross-Site Scripting vulnerability
7.1
16 hours ago
Top Position Google Finance
<= 0.1.0
Reflected Cross-Site Scripting vulnerability
7.1
16 hours ago
Eventin
<= 4.0.51
WordPress Eventin - Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) plugin <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' vulnerability
7.1
16 hours ago
Frontend Admin by DynamiApps
<= 3.28.23
Unauthenticated Stored Cross-Site Scripting via 'update_field' vulnerability
7.1
17 hours ago
Slimstat Analytics
<= 5.3.3
Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter vulnerability
7.1
17 hours ago
Slimstat Analytics
<= 5.3.4
Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters vulnerability
7.1
18 hours ago
Sendinblue for WooCommerce
<= 4.0.49
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
18 hours ago
Frontend Admin by DynamiApps
<= 3.28.25
Unauthenticated Privilege Escalation to Administrator via Role Form Field vulnerability
9.8
18 hours ago
Frontend Admin by DynamiApps
<= 3.28.25
Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability
9.1
18 hours ago
Client Testimonial Slider
<= 2.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field vulnerability
6.5
1 day ago
Contact Form vCard Generator
<= 2.4
Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter vulnerability
5.3
1 day ago
Debt.com Business in a Box
<= 4.1.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
1 day ago
Load more