The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total36,752

MitigationsMitigation rules13,540

No official fix10,543

In triage1,082

Published soon17

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Cost Calculator Builder<= 3.6.9 Missing Authorization to Unauthenticated Payment Status Bypass vulnerability	5.3	6 hours ago
User Submitted Posts<= 20260110 Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode vulnerability	6.5	6 hours ago
LEAV Last Email Address Validator<= 1.7.1 Cross-Site Request Forgery to Plugin Settings Update vulnerability	4.3	6 hours ago
Related Posts by Taxonomy<= 2.7.6 Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode vulnerability	6.5	7 hours ago
DK PDF – WordPress PDF Generator<= 2.3.0 WordPress DK PDF - WordPress PDF Generator plugin <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery vulnerability	5	7 hours ago
Rede Itaú for WooCommerce<= 5.1.2 Missing Authorization to Unauthenticated Rede Order Logs Deletion vulnerability	5.3	7 hours ago
Rede Itaú for WooCommerce<= 5.1.2 WordPress Rede Itaú for WooCommerce - Payment PIX, Credit Card and Debit plugin <= 5.1.2 - Unauthenticated Order Status Manipulation vulnerability	5.3	7 hours ago
All In One SEO Pack<= 4.9.2 WordPress All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure vulnerability	4.3	7 hours ago
Booking Calendar<= 10.14.11 Missing Authorization to Sensitive Information Exposure vulnerability	4.3	7 hours ago
Shield Security<= 21.0.9 Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator vulnerability	4.3	7 hours ago
Kalium<= 3.29 Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request vulnerability	5.3	7 hours ago
WP-Members<= 3.5.4.3 Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability	6.5	21 hours ago
Simply Schedule Appointments<= 1.6.9.9 Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability	9.3	23 hours ago
Drag and Drop Multiple File Upload – Contact Form 7<= 1.3.9.2 Missing Authorization to Unauthenticated File Deletion vulnerability	3.7	1 day ago
List Site Contributors<= 1.1.8 Reflected Cross-Site Scripting via alpha vulnerability	7.1	1 day ago
AJS Footnotes<= 1.0 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
Name Directory<= 1.30.3 Unauthenticated Stored Cross-Site Scripting via Multiple Parameters vulnerability	7.1	1 day ago
GeekyBot<= 1.1.7 WordPress GeekyBot - Generate AI Content Without Prompt, Chatbot and Lead Generation plugin <= 1.1.7 - Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 day ago
Gotham Block Extra Light<= 1.5.0 Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode vulnerability	6.5	1 day ago
Shipping Rate By Cities<= 2.0.0 Unauthenticated SQL Injection via 'city' Parameter vulnerability	9.3	1 day ago