Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,206
Mitigations
Mitigation rules
14,019
No official fix
10,890
In triage
1,334
Published soon
42
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Master Addons for Elementor
<= 2.0.6.1
Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget vulnerability
7.2
3 hours ago
Lazy Blocks
<= 4.2.0
WordPress Custom Block Builder - Lazy Blocks plugin <= 4.2.0 - Authenticated (Contributor+) Remote Code Execution vulnerability
8.8
3 hours ago
Twitter posts to Blog
<= 1.11.25
Missing Authorization to Unauthenticated Plugin Settings Update vulnerability
6.5
4 hours ago
Slimstat Analytics
<= 5.3.1
Authenticated (Subscriber+) SQL Injection via `args` Parameter vulnerability
8.5
4 hours ago
Videospirecore Theme
<= 1.0.6
Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover vulnerability
8.8
5 hours ago
WPvivid Backup and Migration
<= 0.9.123
Unauthenticated Arbitrary File Upload vulnerability
10
5 hours ago
WPZOOM Addons for Elementor
<= 1.3.2
WordPress WPZOOM Addons for Elementor - Starter Templates & Widgets plugin <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more vulnerability
5.3
13 hours ago
IDE Micro code-editor
<= 1.0.0
Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute vulnerability
6.5
13 hours ago
BuddyHolis ListSearch
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute vulnerability
6.5
13 hours ago
WDES Responsive Popup
<= 1.3.6
Authenticated (Contributor+) Stored Cross-Site Scripting via 'attr' Shortcode Attribute vulnerability
6.5
13 hours ago
Invoct – PDF Invoices & Billing for WooCommerce
<= 1.6
WordPress Invoct - PDF Invoices & Billing for WooCommerce plugin <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability
4.3
13 hours ago
MMA Call Tracking
<= 2.3.15
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
13 hours ago
WPlyr Media Block
<= 1.3.0
Authenticated (Administrator+) Stored Cross-Site Scripting via '_wplyr_accent_color' Parameter vulnerability
5.9
13 hours ago
Slideshow Wp
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute vulnerability
6.5
13 hours ago
Sudoku Shortcode
<= 1.0.0
Authenticated (Contributor+) Cross-Site Scripting via 'background' Shortcode Attribute vulnerability
6.5
13 hours ago
HTML Shortcodes
<= 1.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
13 hours ago
OpenPOS Lite – Point of Sale for WooCommerce
<= 3.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
13 hours ago
WaMate Confirm
<= 2.0.1
Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/Unblocking vulnerability
5.3
13 hours ago
Category Image
<= 2.0
Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability
5.9
13 hours ago
Microtango
<= 0.9.29
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
13 hours ago
Load more