Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,024
Mitigations
Mitigation rules
13,911
No official fix
10,830
In triage
1,251
Published soon
35
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Aiomatic
<= 2.0.5
WordPress AIomatic - Automatic AI Content Writer plugin <= 2.0.5 - Unauthenticated Arbitrary Email Sending vulnerability
5.8
33 minutes ago
Form Maker by 10Web
<= 1.15.35
Unauthenticated Stored Cross-Site Scripting via Hidden Field vulnerability
7.1
55 minutes ago
OS DataHub Maps
<= 1.8.3
Authenticated (Author+) Arbitrary File Upload vulnerability
9.1
1 hour ago
Form Maker by 10Web
<= 1.15.35
Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability
7.1
1 hour ago
PeproDev WooCommerce Receipt Uploader
<= 2.6.9
Reflected Cross-Site Scripting vulnerability
7.1
1 hour ago
Mail Mint
<= 1.19.2
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
7.1
1 hour ago
Mortgage Calculator Estatik
<= 2.0.11
Reflected Cross-Site Scripting vulnerability
7.1
1 hour ago
Library Viewer
< 3.2.0
Reflected Cross-Site Scripting vulnerability
7.1
1 hour ago
EventON-RSVP
< 2.9.5
Reflected XSS vulnerability
7.1
1 hour ago
Meris
<= 1.1.2
Reflected XSS vulnerability
7.1
1 hour ago
Essential Blocks for Gutenberg
< 4.4.3
Unauthenticated Local File Inclusion vulnerability
8.1
2 hours ago
WP Duplicate
<= 1.1.8
Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability
9.8
2 hours ago
Yoast SEO
<= 26.8
Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute vulnerability
6.5
7 hours ago
Events Listing Widget
<= 1.3.4
Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field vulnerability
5.9
7 hours ago
Code Snippets
<= 3.9.4
Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability
4.3
7 hours ago
Employee Directory
<= 1.2.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute vulnerability
6.5
7 hours ago
Docus
<= 1.0.6
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
7 hours ago
WaveSurfer-WP
<= 2.8.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability
6.5
7 hours ago
Orange Comfort+ accessibility toolbar for WordPress
<= 0.7
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
7 hours ago
OAuth Single Sign On – SSO (OAuth Client)
<= 6.26.14
WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 6.26.14 - Missing Authorization vulnerability
5.3
7 hours ago
Load more