The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total39,296

MitigationsMitigation rules14,591

No official patch11,208

In triage1,324

Published soon42

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Booster for WooCommerce< 7.11.3 Broken Access Control vulnerability	5.3	4 hours ago
WowStore<= 4.4.3 WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability	9.3	5 hours ago
NEX-Forms<= 9.1.9 WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability	7.5	5 hours ago
NEX-Forms<= 9.1.9 WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability	4.3	15 hours ago
WP User Frontend<= 4.2.8 Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter vulnerability	5.3	16 hours ago
Wicked Folders<= 4.1.0 Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability	4.3	16 hours ago
Thim Elementor Kit<= 1.3.7 Missing Authorization to Unauthenticated Private Course Disclosure vulnerability	5.3	16 hours ago
WP EasyPay<= 4.2.11 Broken Access Control vulnerability	5.4	21 hours ago
Modern Events Calendar<= 7.29.0 Broken Access Control vulnerability	5.3	21 hours ago
Ultimate Addons for Contact Form 7<= 3.5.36 Cross Site Scripting (XSS) vulnerability	6.5	2 days ago
UpsellWP<= 2.2.4 SQL Injection vulnerability	7.6	3 days ago
Search & Go<= 2.8 Privilege Escalation vulnerability	9.8	4 days ago
Subscriptions for WooCommerce<= 1.8.10 Bypass Vulnerability vulnerability	7.5	4 days ago
Formidable Forms<= 6.28 Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter vulnerability	5.3	4 days ago
Formidable Forms<= 6.28 Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse vulnerability	7.5	4 days ago
Simply Schedule Appointments<= 1.6.9.29 Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability	7.5	4 days ago
Pix for WooCommerce<= 1.5.0 Unauthenticated Arbitrary File Upload vulnerability	10	4 days ago
Calculated Fields Form<= 5.4.5.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings vulnerability	6.5	4 days ago
Social Icons Widget & Block by WPZOOM<= 4.5.8 Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation vulnerability	4.3	4 days ago
GetGenie<= 4.3.2 Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API vulnerability	5.9	4 days ago