The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,932

MitigationsMitigation rules15,493

No official patch12,984

In triage1,550

Published soon24

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Slider Revolution<= 7.0.10 Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability	6.5	4 hours ago
WP GDPR Cookie Consent<= 1.0.0 Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability	6.5	5 hours ago
FV Flowplayer Video Player<= 7.5.49.7212 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	5 hours ago
Booking Package<= 1.7.16 Authenticated (Editor+) Privilege Escalation vulnerability	7.2	7 hours ago
Ad Inserter<= 2.8.15 Reflected Cross-Site Scripting vulnerability	7.1	7 hours ago
Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More<= 1.0.15 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	7 hours ago
All In One WP Security & Firewall<= 5.4.7 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	7 hours ago
Advanced Google reCAPTCHA<= 5.38 Authenticated (Subscriber+) Authentication Bypass vulnerability	8.8	8 hours ago
Hippoo Mobile App for WooCommerce<= 1.9.4 Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability	9.8	8 hours ago
WP User Manager<= 2.9.17 Unauthenticated Path Traversal to Local File Inclusion vulnerability	7.5	8 hours ago
6Storage Rentals<= 2.22.0 Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification vulnerability	7.5	8 hours ago
Advanced Google reCAPTCHA<= 5.38 Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability	8.8	8 hours ago
Events Calendar for GeoDirectory<= 2.3.28 Authenticated (Subscriber+) Privilege Escalation vulnerability	8.8	8 hours ago
Recover Exit For WooCommerce<= 1.0.3 Unauthenticated Local File Inclusion vulnerability	10	8 hours ago
WP User Frontend<= 4.3.2 Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation vulnerability	4.3	20 hours ago
Blocksy<= 2.1.41 Authenticated (Contributor+) PHP Object Injection vulnerability	8.8	21 hours ago
Unlimited Elementor Inner Sections By BoomDevs<= 1.3.3 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	21 hours ago
MailerPress<= 2.0.4 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	21 hours ago
kk blog card<= 1.3 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago
jQuery Hover Footnotes<= 1.4 Cross-Site Request Forgery to Plugin Settings Update vulnerability	4.3	1 day ago