Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,659
Mitigations
Mitigation rules
14,811
No official patch
11,249
In triage
1,597
Published soon
0
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Spam Protect for Contact Form 7
< 1.2.10
Editor+ Remote Code Execution vulnerability
7.2
31 minutes ago
Perfmatters
<= 2.5.9.1
Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter vulnerability
8.1
34 minutes ago
MSTW League Manager
<= 2.10
Cross Site Scripting (XSS) vulnerability
6.5
18 hours ago
Webmention
<= 5.6.2
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
6.4
23 hours ago
MW WP Form
<= 5.1.0
Unauthenticated Arbitrary File Move via move_temp_file_to_upload_dir vulnerability
8.1
23 hours ago
W3 Total Cache
<= 2.9.3
Unauthenticated Security Token Exposure via User-Agent Header vulnerability
7.5
1 day ago
Order Listener for WooCommerce
< 3.6.3
Unauthenticated WooCommerce REST Permission Bypass vulnerability
7.5
1 day ago
Webmention
<= 5.6.2
Unauthenticated Blind Server-Side Request Forgery vulnerability
5.4
1 day ago
Export All URLs
< 5.1
Unauthenticated Sensitive Data Exposure vulnerability
5.3
1 day ago
Query Monitor
<= 3.20.3
Reflected Cross-Site Scripting via Request URI vulnerability
7.1
1 day ago
Ultimate Addons for WPBakery Page Builder
< 3.21.4
Cross Site Scripting (XSS) vulnerability
6.5
1 day ago
King Addons for Elementor
<= 51.1.53
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets vulnerability
6.5
2 days ago
Contact Form Entries
<= 1.4.9
Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability
4.3
2 days ago
Shortcodes Ultimate
<= 7.4.10
WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute vulnerability
6.5
2 days ago
Amelia
<= 2.1.2
Authenticated (Manager+) SQL Injection via 'sort' Parameter vulnerability
8.5
2 days ago
Performance Monitor
<= 1.0.6
Unauthenticated Blind SSRF vulnerability
5.4
2 days ago
Minify HTML
<= 2.1.12
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
2 days ago
Profile Builder
<= 3.15.5
WordPress User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field vulnerability
4.3
2 days ago
Simple Membership
<= 4.7.1
Broken Access Control vulnerability
7.5
2 days ago
Auto Post Scheduler
<= 1.84
Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page vulnerability
7.1
2 days ago
Load more