The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total48,890
Mitigations15,792
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
Shortcodes and extra features for Phlox theme<= 2.17.16
Cross Site Scripting (XSS) vulnerability
6.5
3 hours ago
HubSpot<= 11.3.51
Sensitive Data Exposure vulnerability
7.4
3 hours ago
VikBooking Hotel Booking Engine & PMS<= 1.8.12
CSRF to Arbitrary File Deletion vulnerability
7.4
3 hours ago
Enable Media Replace<= 4.2.1
Cross Site Scripting (XSS) vulnerability
5.9
3 hours ago
ApplyOnline<= 2.6.7.6
Broken Access Control vulnerability
5.3
4 hours ago
ThumbPress<= 6.3.2
Broken Access Control vulnerability
4.3
4 hours ago
Webba Booking<= 6.4.13
Broken Access Control vulnerability
5.3
4 hours ago
PrivateContent<= 9.9.2
Privilege Escalation vulnerability
9.8
7 hours ago
LatePoint<= 5.6.3
Authenticated (Custom+) Privilege Escalation to Administrator vulnerability
8.8
8 hours ago
NEX-Forms<= 9.2.2
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
8 hours ago
VikBooking Hotel Booking Engine & PMS<= 1.8.12
Reflected Cross-Site Scripting vulnerability
7.1
8 hours ago
LearnPress<= 4.3.9.1
Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure vulnerability
6.5
10 hours ago
Custom Payment Gateways for WooCommerce<= 2.1.0
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
10 hours ago
ChatBot<= 8.4.9
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
10 hours ago
WP Google Review Slider<= 18.1
Reflected Cross-Site Scripting vulnerability
7.1
10 hours ago
Webmention<= 5.8.0
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
10 hours ago
Ninja Forms<= 3.14.1
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
7.5
10 hours ago
BookingPress Appointment Booking Pro<= 5.7.1
Unauthenticated SQL Injection vulnerability
9.3
11 hours ago
WP-BusinessDirectory<= 4.0.1
Unauthenticated Arbitrary File Deletion vulnerability
8.6
11 hours ago
Taskbuilder<= 5.0.8
Authenticated (Subscriber+) SQL Injection vulnerability
8.5
11 hours ago