Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
49,427
Mitigations
Mitigation rules
15,959
No official patch
13,057
In triage
1,370
Published soon
12
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear filters
Affected software | Vulnerability
Risk
Disclosed
Planyo online reservation system
<= 3.0
Unauthenticated Server-Side Request Forgery vulnerability
7.2
8 hours ago
Form Vibes – Database Manager for Forms
<= 1.5.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
9 hours ago
WP Hotel Booking
<= 2.3.1
Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability
5.3
9 hours ago
Code Engine
<= 0.3.5
Authenticated (Contributor+) Remote Code Execution vulnerability
9.9
9 hours ago
Essential Addons for Elementor
<= 6.6.10
Authenticated (Contributor+) Account Takeover vulnerability
8.8
9 hours ago
SEO Plugin by Squirrly SEO
<= 14.0.0
Unauthenticated Arbitrary Post Creation and Stored Cross-Site Scripting vulnerability
7.2
12 hours ago
wpForo Forum
<= 3.1.1
Cross Site Scripting (XSS) vulnerability
6.5
12 hours ago
Motors
<= 1.4.112
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
12 hours ago
Majestic Support
<= 1.1.9
SQL Injection vulnerability
8.5
13 hours ago
Simple JWT Login
<= 3.6.6
Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation vulnerability
8.8
13 hours ago
SureCart
<= 4.2.3
Unauthenticated Linked WordPress Account Takeover vulnerability
8.1
13 hours ago
Instant Appointment
<= 1.2
Unauthenticated Arbitrary File Upload vulnerability
10
13 hours ago
WP Ultimate CSV Importer
<= 8.0.1
Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability
10
13 hours ago
@andrea9293/mcp-documentation-server
1.13.0
NPM: @andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default
8.8
21 hours ago
systeminformation
<= 5.31.6
NPM: systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
8.7
21 hours ago
dd-trace
< 5.100.0
NPM: dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS
7.5
21 hours ago
websocket-driver
< 0.7.5
NPM: websocket-driver: Resource limit bypass via message compression
6.3
22 hours ago
websocket-driver
< 0.7.5
NPM: websocket-driver: Message corruption via abuse of protocol length headers
9.2
22 hours ago
obsidian-local-rest-api
< 4.1.3
NPM: obsidian-local-rest-api: Authenticated path traversal via URL-encoded %2F in /vault/{path} — arbitrary host file read/write/delete
8.8
22 hours ago
n8n-mcp
<= 2.57.3
NPM: n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode
4.2
2 days ago
Load more