Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
40,161
Mitigations
Mitigation rules
14,966
No official patch
11,323
In triage
1,375
Published soon
23
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
CMS für Motorrad Werkstätten
<= 1.0.0
Cross-Site Request Forgery vulnerability
4.3
4 hours ago
Canto
<= 3.1.1
Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability
4.3
4 hours ago
Quiz And Survey Master
<= 10.1.0
Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability
5.3
4 hours ago
Backup Guard
<= 3.1.19.8
Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal in 'fileName' Parameter vulnerability
4.9
4 hours ago
LatePoint
<= 5.3.2
Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability
5.3
4 hours ago
Tutor LMS
<= 3.9.8
Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability
7.6
4 hours ago
Tutor LMS
<= 3.9.8
Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability
5.3
4 hours ago
Kubio AI Page Builder
<= 2.7.2
Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes vulnerability
5.3
4 hours ago
Form Maker by 10Web
<= 1.15.40
Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter vulnerability
7.6
4 hours ago
Royal Elementor Addons
<= 1.7.1056
Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget vulnerability
6.5
4 hours ago
OneSignal – Web Push Notifications
<= 3.8.0
WordPress OneSignal - Web Push Notifications plugin <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id' vulnerability
3.1
6 hours ago
Better Find and Replace
<= 1.7.9
WordPress Better Find and Replace - AI-Powered Suggestions plugin <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title vulnerability
5.9
6 hours ago
Prismatic
<= 3.7.3
Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode vulnerability
7.1
19 hours ago
Livemesh Addons for Elementor
<= 9.0
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via Plugin Settings vulnerability
6.5
19 hours ago
Customer Reviews for WooCommerce
<= 5.101.0
Reflected Cross-Site Scripting via 'crsearch' vulnerability
7.1
19 hours ago
Product Pricing Table by WooBeWoo
<= 1.1.0
Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion vulnerability
7.1
20 hours ago
WP Docs
<= 2.2.9
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' vulnerability
6.5
20 hours ago
Form Maker by 10Web
<= 1.15.40
Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box vulnerability
7.1
20 hours ago
Riaxe Product Customizer
<= 2.1.2
Unauthenticated SQL Injection via 'options' Parameter Keys in product_data vulnerability
9.3
20 hours ago
Accessibility Suite
<= 4.20
Authenticated (Subscriber+) SQL Injection via 'scan_id' Parameter vulnerability
8.5
21 hours ago
Load more