The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,280

Mitigation rules13,148

No official fix9,821

In triage1,618

Published soon9

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
PostGallery<= 1.12.5 Authenticated (Subscriber+) Arbitrary File Upload vulnerability	9.9	2 hours ago
Clikstats<= 0.8 Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability	7.1	5 hours ago
Timetable and Event Schedule< 2.4.16 Contributor+ Event Disclosure via IDOR vulnerability	4.3	13 hours ago
Custom Post Type UI<= 1.18.0 Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification vulnerability	4.8	13 hours ago
Beaver Builder<= 2.9.4 Missing Authorization to Authenticated (Contributor+) Builder Status Tampering vulnerability	5.4	13 hours ago
WebP Express<= 0.25.9 Unauthenticated Information Exposure vulnerability	5.3	13 hours ago
Post SMTP<= 3.6.1 Missing Authorization to Authenticated (Subscriber+) OAuth Token Update vulnerability	5.4	14 hours ago
Modula Image Gallery2.13.1-2.13.2 Authenticated (Author+) Arbitrary File Upload via Race Condition vulnerability	6.6	1 day ago
Modula Image Gallery2.13.1-2.13.2 Authenticated (Author+) Arbitrary File Deletion vulnerability	6.8	1 day ago
DB Access<= 0.8.7 Subscriber+ SQLi vulnerability	8.5	1 day ago
WP Directory Kit1.4.0-1.4.4 Authentication Bypass to Privilege Escalation via Account Takeover vulnerability	9.8	1 day ago
Frontend Admin by DynamiApps<= 3.28.20 Unauthenticated Arbitrary Options Update vulnerability	9.8	1 day ago
DesignThemes LMS<= 1.0.4 Unauthenticated Privilege Escalation vulnerability	9.8	1 day ago
Advanced Custom Fields: Extended0.9.0.5-0.9.1.1 Unauthenticated Remote Code Execution vulnerability	10	1 day ago
SureMail<= 1.9.0 Unauthenticated Arbitrary File Upload vulnerability	10	1 day ago
FindAll Listing<= 1.0.5 Unauthenticated Privilege Escalation vulnerability	9.8	1 day ago
Autoptimize<= 3.1.13 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago
TaxoPress<= 3.40.1 Authenticated (Contributor+) SQL Injection vulnerability	8.5	1 day ago
TaxoPress<= 3.40.1 Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation vulnerability	4.3	1 day ago
HUSKY<= 1.3.7.2 Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query' vulnerability	4.3	1 day ago