Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,331
Mitigations
Mitigation rules
14,611
No official patch
11,210
In triage
1,321
Published soon
17
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Add Custom Fields to Media
<= 2.0.3
Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter vulnerability
4.3
5 minutes ago
Draft List
<= 2.6.2
Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter vulnerability
5.9
35 minutes ago
Download Manager
<= 3.3.49
Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter vulnerability
4.3
39 minutes ago
Info Cards
<= 2.0.7
Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes vulnerability
6.5
47 minutes ago
NextGEN Gallery
<= 4.0.4
WordPress Photo Gallery, Sliders, Proofing and Themes - NextGEN Gallery plugin <= 4.0.4 - Authenticated (Author+) Local File Inclusion vulnerability
7.2
52 minutes ago
Code Embed
<= 2.5.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability
6.5
18 hours ago
Post SMTP
<= 3.8.0
Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite vulnerability
5.4
18 hours ago
JSON Content Importer
< 2.0.10
Contributor+ Stored XSS vulnerability
6.5
18 hours ago
Contextual Related Posts
< 4.2.2
Broken Access Control vulnerability
5.3
1 day ago
Writeprint Stylometry
<= 0.1
Reflected Cross-Site Scripting via 'p' Parameter vulnerability
7.1
1 day ago
[CR]Paid Link Manager
<= 0.5
Reflected Cross-Site Scripting vulnerability
7.1
1 day ago
WP Go Maps
<= 10.0.05
Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings vulnerability
6.5
1 day ago
Duplicate Post
<= 4.5
Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability
5.4
1 day ago
Subscriptions for WooCommerce
<= 1.9.2
Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability
5.3
1 day ago
Royal Elementor Addons
<= 1.7.1049
WordPress Royal Addons for Elementor - Addons and Templates Kit for Elementor plugin <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure vulnerability
5.3
1 day ago
WP System Log
<= 1.2.7
Broken Access Control vulnerability
6.5
2 days ago
Traveler
< 3.2.8.1
PHP Object Injection vulnerability
9.8
2 days ago
PublishPress Authors
<= 4.10.1
Broken Access Control vulnerability
7.5
2 days ago
The League
<= 4.4.1
Broken Access Control vulnerability
6.5
2 days ago
Remoji
<= 2.2
Cross Site Scripting (XSS) vulnerability
7.1
2 days ago
Load more