The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total38,975

MitigationsMitigation rules14,473

No official patch11,188

In triage1,507

Published soon27

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Hammas Calendar<= 1.5.11 Authenticated (Contributor+) Stored Cross-Site Scripting via 'apix' Shortcode Attribute vulnerability	6.5	14 minutes ago
WP Frontend Profile<= 1.3.8 Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection vulnerability	4.3	16 minutes ago
Greenshift<= 12.8.3 Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' vulnerability	5.3	18 minutes ago
HUMN-1 AI Website Scanner & Human Certification by Winston AI<= 0.0.3 Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion vulnerability	4.3	24 minutes ago
WP All Import<= 4.0.0 Reflected Cross-Site Scripting via 'filepath' vulnerability	7.1	15 hours ago
WowOptin<= 1.4.24 WordPress WowOptin: Next-Gen Popup Maker - Create Stunning Popups and Optins for Lead Generation plugin <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability	8.8	15 hours ago
Drag and Drop Multiple File Upload – Contact Form 7<= 1.3.9.5 Unauthenticated Arbitrary File Upload vulnerability	10	16 hours ago
Contact Form Entries<= 1.4.7 Unauthenticated PHP Object Injection via 'download_csv' vulnerability	9.8	17 hours ago
Greenshift<= 12.8.3 WordPress Greenshift - animation and page builder blocks plugin <= 12.8.3 - Unauthenticated Sensitive Information Exposure via Settings Backup vulnerability	5.3	1 day ago
Greenshift<= 12.8.5 WordPress Greenshift - animation and page builder blocks plugin <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago
LatePoint<= 5.2.7 Authenticated (Agent+) Privilege Escalation vulnerability	8.8	1 day ago
Fluent Forms Pro Add On Pack<= 6.1.17 Unauthenticated Stored Cross-Site Scripting via Draft Form Submission vulnerability	7.1	1 day ago
WPBookit<= 1.0.8 Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters vulnerability	7.1	1 day ago
Fluent Forms Pro Add On Pack<= 6.1.17 Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability	7.5	1 day ago
Mail Mint< 1.19.5 Unauthenticated Emails Disclosure vulnerability	7.5	1 day ago
Restrict Content<= 3.2.20 WordPress Membership plugin - Restrict Content plugin <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' vulnerability	8.1	1 day ago
Page and Post Clone<= 6.3 Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter vulnerability	8.5	2 days ago
Media LIbrary Assistant<= 3.33 Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification vulnerability	4.3	2 days ago
Apocalypse Meow<= 22.1.0 Authenticated (Administrator+) SQL Injection via 'type' Parameter vulnerability	7.6	2 days ago
OoohBoi Steroids for Elementor<= 2.1.24 Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls vulnerability	6.5	2 days ago