Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,279
Mitigations
Mitigation rules
14,032
No official fix
10,917
In triage
1,396
Published soon
0
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Magic Login Mail or QR Code
<= 2.05
Unauthenticated Privilege Escalation via Insecure QR Code File Storage vulnerability
8.1
3 hours ago
midi-Synth
<= 1.1.0
Unauthenticated Arbitrary File Upload via 'export' AJAX Action vulnerability
10
3 hours ago
PhotoStack Gallery
<= 0.4.1
Unauthenticated SQL Injection via 'postid' Parameter vulnerability
9.3
3 hours ago
SureForms
<= 2.2.1
WordPress SureForms - Drag and Drop Form Builder for WordPress plugin <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation vulnerability
7.5
4 hours ago
Prime Listing Manager
<= 1.1
Unauthenticated Privilege Escalation vulnerability
9.8
6 hours ago
WP eCommerce
<= 3.15.1
Unauthenticated PHP Object Injection vulnerability
9.8
6 hours ago
AdForest
<= 6.0.12
Authentication Bypass vulnerability
9.8
7 hours ago
Media Library Folders
<= 8.3.6
Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename vulnerability
4.3
2 days ago
Essential Addons for Elementor
<= 6.5.9
Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget vulnerability
6.5
2 days ago
MP3 Audio Player for Music, Radio & Podcast by Sonaar
5.3-5.10
Authenticated (Author+) Server-Side Request Forgery vulnerability
5
2 days ago
Mail Mint
<= 1.19.2
Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability
7.6
2 days ago
Modula Image Gallery
<= 2.13.6
WordPress Modula Image Gallery - Photo Grid & Video Gallery plugin <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing vulnerability
4.3
2 days ago
myCred
<= 2.9.7.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode vulnerability
6.5
2 days ago
Link Hopper
<= 2.5
Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter vulnerability
5.9
2 days ago
Ravelry Designs Widget
<= 1.0.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute vulnerability
6.5
2 days ago
UpMenu
<= 3.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute vulnerability
6.5
2 days ago
collectchat
<= 2.4.8
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field vulnerability
6.5
2 days ago
Press3D
<= 1.0.2
Authenticated (Author+) Stored Cross-Site Scripting via Link URL Parameter in 3D Model Block vulnerability
5.9
2 days ago
Smart Forms
<= 2.6.99
Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure vulnerability
4.3
2 days ago
User Language Switch
<= 1.6.10
Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter vulnerability
5.9
2 days ago
Load more