The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total39,002

MitigationsMitigation rules14,473

No official patch11,202

In triage1,512

Published soon0

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
LotekMedia Popup Form<= 1.0.6 Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability	5.9	2 days ago
True Ranker<= 2.2.9 Cross-Site Request Forgery to Unauthorized True Ranker Disconnection vulnerability	4.3	2 days ago
Carta Online<= 2.13.0 Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability	5.9	2 days ago
Infomaniak Connect for OpenID<= 1.0.2 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	2 days ago
Font Pairing Preview For Landing Pages<= 1.3 Cross-Site Request Forgery to Settings Update vulnerability	4.3	2 days ago
Show YouTube video<= 1.1 Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability	6.5	2 days ago
Purchase Button For Affiliate Link<= 1.0.2 Cross-Site Request Forgery to Settings Update vulnerability	4.3	2 days ago
DA Media GigList<= 1.9.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'list_title' Shortcode Attribute vulnerability	6.5	2 days ago
Consensus Embed<= 1.6 Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability	6.5	2 days ago
Media Library Alt Text Editor<= 1.0.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'post_id' Shortcode Attribute vulnerability	6.5	2 days ago
The Guardian News Feed<= 1.2 Cross-Site Request Forgery to Settings Update vulnerability	4.3	2 days ago
MyQtip – easy qTip2<= 2.0.5 WordPress MyQtip - easy qTip2 plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	2 days ago
Wueen<= 0.2.0 Authenticated (Contributor+) Stored Cross-Site Scripting via plugin's Shortcode vulnerability	6.5	2 days ago
Mobile DJ Manager<= 1.7.8.1 Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion vulnerability	5.3	2 days ago
MailArchiver<= 4.4.0 Authenticated (Administrator+) Stored Cross-Site Scripting via Settings vulnerability	5.9	2 days ago
Community Events<= 1.5.8 Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field vulnerability	7.6	2 days ago
ProfileGrid <= 5.9.8.1 Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability	4.3	2 days ago
ProfileGrid <= 5.9.8.2 Cross-Site Request Forgery to Group Membership Request Approval/Denial vulnerability	4.3	2 days ago
Stock Ticker<= 3.26.1 Authenticated (Administrator+) Stored Cross-Site Scripting via Template vulnerability	5.9	2 days ago
Easy PHP Settings<= 1.0.4 Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting vulnerability	7.2	2 days ago