The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 39,077
Mitigations: 14,519
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| RegistrationMagic <= 6.0.7.2 | Subscriber+ Sensitive Data Disclosure vulnerability | 4.3 | 53 minutes ago |
| LearnPress <= 4.3.2.8 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering vulnerability | 4.3 | 59 minutes ago |
| Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder < 1.6.1 | Contributor+ Arbitrary Limited Options Update vulnerability | 6.8 | 1 hour ago |
| ExactMetrics 8.6.0-9.0.2 | Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation | 8.8 | 2 hours ago |
| weForms <= 1.6.27 | Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API vulnerability | 6.5 | 16 hours ago |
| Royal Elementor Addons <= 1.7.1049 | Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass vulnerability | 8.8 | 16 hours ago |
| MC4WP <= 4.11.1 | Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability | 6.5 | 16 hours ago |
| RTMKit <= 1.6.8 | Reflected Cross-Site Scripting via 'themebuilder' Parameter vulnerability | 7.1 | 17 hours ago |
| LatePoint <= 5.2.7 | WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting vulnerability | 7.1 | 17 hours ago |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 2.0.5 | Unauthenticated Stored Cross-Site Scripting via Form Entry Fields vulnerability | 7.1 | 17 hours ago |
| MetForm Pro <= 3.9.6 | Unauthenticated Stored Cross-Site Scripting vulnerability | 7.1 | 17 hours ago |
| The Events Calendar <= 6.15.17 | Authenticated (Author+) Arbitrary File Read via ajax_create_import vulnerability | 7.5 | 18 hours ago |
| Simply Schedule Appointments <= 1.6.9.27 | Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability | 9.3 | 18 hours ago |
| JetBooking <= 4.0.3 | Unauthenticated SQL Injection via 'check_in_date' Parameter vulnerability | 9.3 | 18 hours ago |
| WP Maps <= 4.9.1 | Unauthenticated SQL Injection via 'location_id' Parameter vulnerability | 9.3 | 19 hours ago |
| Ally <= 4.0.3 | WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability | 9.3 | 19 hours ago |
| ProfilePress <= 4.16.11 | Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration vulnerability | 8.1 | 19 hours ago |
| Tutor LMS Pro <= 3.9.5 | Authentication Bypass via Social Login vulnerability | 9.8 | 19 hours ago |
| Happy Addons for Elementor <= 3.21.0 | Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability | 5.4 | 1 day ago |
| Happy Addons for Elementor <= 3.21.0 | Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability | 6.5 | 1 day ago |