The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,332

Mitigation rules13,157

No official fix9,860

In triage1,651

Published soon9

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Canadian Nutrition Facts Label<= 3.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Nutrition Label Custom Post Type vulnerability	6.5	4 hours ago
Social Feed Gallery Portfolio<= 1.3 Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability	6.5	4 hours ago
CodeConfig Accessibility<= 1.0.0 Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability	5.4	4 hours ago
RevInsite<= 1.1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	4 hours ago
Extra Post Images<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	4 hours ago
Cute News Ticker<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute vulnerability	6.5	4 hours ago
g-FFL Cockpit<= 1.7.1 Improper Authorization to Unauthenticated Product Deletion vulnerability	5.3	5 hours ago
CSS3 Buttons<= 0.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	5 hours ago
List Attachments Shortcode<= 0.4.1a Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode vulnerability	5.9	5 hours ago
WP Landing Page<= 0.9.3 Cross-Site Request Forgery to Arbitrary Post Meta Update vulnerability	4.3	5 hours ago
Listar – Directory Listing & Classifieds<= 3.0.0 Missing Authorization to Authenticated (Subscriber+) Listing Update vulnerability	5.4	5 hours ago
Helloprint<= 2.1.2 Missing Authorization to Unauthenticated Arbitrary Order Status Modification vulnerability	5.3	5 hours ago
Search, Filters & Merchandising for WooCommerce<= 3.0.63 Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation vulnerability	5.4	6 hours ago
Ultra Skype Button<= 1.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute vulnerability	6.5	6 hours ago
TR Timthumb<= 1.0.4 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	6 hours ago
Yet Another WebClap for WordPress<= 0.2 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	6 hours ago
weDocs<= 2.1.14 Missing Authorization to Settings Update vulnerability	5.4	6 hours ago
Nouri.sh Newsletter<= 1.0.1.3 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	21 hours ago
Jabbernotification<= 0.99-RC2 Reflected Cross-Site Scripting via admin.php PATH_INFO vulnerability	7.1	21 hours ago
Time Sheets<= 2.1.3 Use of Known Vulnerable Component vulnerability	7.2	22 hours ago