Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,484
Mitigations
Mitigation rules
14,079
No official fix
10,960
In triage
1,232
Published soon
33
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
RegistrationMagic
<= 6.0.6.9
WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment vulnerability
5.3
53 minutes ago
Complianz
<= 7.4.3
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
6.5
57 minutes ago
User Submitted Posts
<= 20260113
Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability
5.3
58 minutes ago
Video Share VOD
<= 2.7.11
Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability
6.5
1 hour ago
SiteOrigin Widgets Bundle
<= 1.70.4
Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
5.4
1 hour ago
Community Events
<= 1.5.7
Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter vulnerability
5.9
1 hour ago
WP Event Aggregator
<= 1.8.7
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
1 hour ago
Business Directory
<= 6.4.20
Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability
5.3
1 hour ago
EventPrime
<= 4.2.8.4
Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability
4.3
1 hour ago
WP-DownloadManager
<= 1.69
Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter vulnerability
2.7
1 hour ago
Dam Spam
<= 1.0.8
Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability
4.3
1 hour ago
YayMail – WooCommerce Email Customizer
<= 4.3.2
Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability
2.7
1 hour ago
Kali Forms
<= 2.4.8
Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure vulnerability
4.3
1 hour ago
YayMail – WooCommerce Email Customizer
<= 4.3.2
Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability
2.7
1 hour ago
YayMail – WooCommerce Email Customizer
<= 4.3.2
Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements vulnerability
5.9
1 hour ago
YayMail – WooCommerce Email Customizer
<= 4.3.2
Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability
7.2
1 hour ago
Private Comment
<= 0.0.4
Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability
5.9
1 hour ago
InteractiveCalculator for WordPress
<= 1.0.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
6.5
1 hour ago
Cart All In One For WooCommerce
<= 1.1.21
Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting vulnerability
7.2
1 hour ago
Gutenberg Blocks by Kadence Blocks
<= 3.6.1
Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter vulnerability
4.3
1 hour ago
Load more