The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total49,336
Mitigations15,935
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
CorvusPay WooCommerce Payment Gateway<= 2.7.4
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
4 minutes ago
W3 Total Cache<= 2.9.4
Unauthenticated Arbitrary File Read vulnerability
7.5
5 minutes ago
WordPress CTA<= 2.2.2
Unauthenticated Time-Based Blind SQL Injection vulnerability
9.3
10 minutes ago
Aimogen Pro<= 2.8.4
WordPress Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin <= 2.8.4 - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation vulnerability
9.8
13 minutes ago
Ultimate Auction Pro<= 2.4.5
Reflected XSS via uwa_manage_auctions vulnerability
7.1
15 hours ago
Ultimate Auction Pro<= 2.4.5
Reflected XSS via uwa_auctions_bids_list vulnerability
7.1
15 hours ago
ICS Calendar<= 12.0.9
Reflected Cross-Site Scripting vulnerability
7.1
15 hours ago
Booking Package<= 1.7.20
Unauthenticated SQL Injection vulnerability
9.3
15 hours ago
WP Customer Area<= 8.3.5
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
17 hours ago
FoodBook Lite – Online Food Ordering System<= 1.5.6
Missing Authorization to Unauthenticated User Registration vulnerability
5.3
17 hours ago
News Kit Elementor Addons<= 1.4.6
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
17 hours ago
Fusion Builder<= 3.15.5
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
Smart Slider 3<= 3.5.1.37
Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure vulnerability
4.3
1 day ago
Academy LMS<= 3.8.0
Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability
4.3
1 day ago
safeinstall-cli< 0.10.2
NPM: SafeInstall agent guard shell parsing can miss raw package execution
8.8
3 days ago
NEX-Forms<= 9.2.2
Missing Authorization to Unauthenticated Arbitrary Form Entry Modification vulnerability
5.3
3 days ago
TeraWallet – For WooCommerce<= 1.6.4
Missing Authorization to Authenticated (Subscriber+) User/Email Enumeration vulnerability
4.3
3 days ago
WCFM – Frontend Manager for WooCommerce<= 6.7.27
Missing Authorization to Unauthenticated Arbitrary Inquiry Reply Injection vulnerability
5.3
3 days ago
WCFM – Frontend Manager for WooCommerce<= 6.7.27
Authenticated (Subscriber+) Missing Authorization to Arbitrary Vendor Data Manipulation vulnerability
4.3
3 days ago
WCFM Marketplace<= 3.7.3
Authenticated (Vendor+) Stored Cross-Site Scripting vulnerability
6.5
3 days ago