Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
36,627
Mitigations
Mitigation rules
13,460
No official fix
10,481
In triage
881
Published soon
8
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
User Registration
<= 4.4.8
Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability
4.3
1 day ago
Templately
<= 3.4.8
Unauthenticated Limited Arbitrary JSON File Write vulnerability
5.3
1 day ago
miniOrange OTP Verification and SMS Notification for WooCommerce
<= 4.3.8
Missing Authorization to Unauthenticated Notification Settings Modification vulnerability
5.3
1 day ago
Blog2Social
<= 8.7.2
Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
4.3
1 day ago
Autogen Headers Menu
<= 1.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter vulnerability
6.5
1 day ago
Woodpecker for WordPress
<= 3.0.4
Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute vulnerability
6.5
1 day ago
PullQuote
<= 1.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
1 day ago
Lesson Plan Book
<= 1.3
Reflected Cross-Site Scripting vulnerability
7.1
1 day ago
MG AdvancedOptions
<= 1.2
Reflected Cross-Site Scripting vulnerability
7.1
1 day ago
Top Position Google Finance
<= 0.1.0
Reflected Cross-Site Scripting vulnerability
7.1
1 day ago
Eventin
<= 4.0.51
WordPress Eventin - Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) plugin <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' vulnerability
7.1
1 day ago
Frontend Admin by DynamiApps
<= 3.28.23
Unauthenticated Stored Cross-Site Scripting via 'update_field' vulnerability
7.1
1 day ago
Slimstat Analytics
<= 5.3.3
Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter vulnerability
7.1
1 day ago
Slimstat Analytics
<= 5.3.4
Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters vulnerability
7.1
1 day ago
Sendinblue for WooCommerce
<= 4.0.49
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
Frontend Admin by DynamiApps
<= 3.28.25
Unauthenticated Privilege Escalation to Administrator via Role Form Field vulnerability
9.8
1 day ago
Frontend Admin by DynamiApps
<= 3.28.25
Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability
9.1
1 day ago
Client Testimonial Slider
<= 2.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field vulnerability
6.5
2 days ago
Contact Form vCard Generator
<= 2.4
Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter vulnerability
5.3
2 days ago
Debt.com Business in a Box
<= 4.1.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
2 days ago
Load more