The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total49,336
Mitigations15,933
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
Ultimate Auction Pro<= 2.4.5
Reflected XSS via uwa_manage_auctions vulnerability
7.1
14 hours ago
Ultimate Auction Pro<= 2.4.5
Reflected XSS via uwa_auctions_bids_list vulnerability
7.1
14 hours ago
ICS Calendar<= 12.0.9
Reflected Cross-Site Scripting vulnerability
7.1
14 hours ago
Booking Package<= 1.7.20
Unauthenticated SQL Injection vulnerability
9.3
14 hours ago
WP Customer Area<= 8.3.5
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
16 hours ago
FoodBook Lite – Online Food Ordering System<= 1.5.6
Missing Authorization to Unauthenticated User Registration vulnerability
5.3
16 hours ago
News Kit Elementor Addons<= 1.4.6
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
16 hours ago
Fusion Builder<= 3.15.5
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
6.5
23 hours ago
Smart Slider 3<= 3.5.1.37
Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure vulnerability
4.3
23 hours ago
Academy LMS<= 3.8.0
Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability
4.3
1 day ago
safeinstall-cli< 0.10.2
NPM: SafeInstall agent guard shell parsing can miss raw package execution
8.8
3 days ago
NEX-Forms<= 9.2.2
Missing Authorization to Unauthenticated Arbitrary Form Entry Modification vulnerability
5.3
3 days ago
TeraWallet – For WooCommerce<= 1.6.4
Missing Authorization to Authenticated (Subscriber+) User/Email Enumeration vulnerability
4.3
3 days ago
WCFM – Frontend Manager for WooCommerce<= 6.7.27
Missing Authorization to Unauthenticated Arbitrary Inquiry Reply Injection vulnerability
5.3
3 days ago
WCFM – Frontend Manager for WooCommerce<= 6.7.27
Authenticated (Subscriber+) Missing Authorization to Arbitrary Vendor Data Manipulation vulnerability
4.3
3 days ago
WCFM Marketplace<= 3.7.3
Authenticated (Vendor+) Stored Cross-Site Scripting vulnerability
6.5
3 days ago
tarteaucitronjs< 1.33.0
NPM: tarteaucitron: data-cookie attribute can be used to delete arbitrary cookies
4.3
3 days ago
@libp2p/gossipsub< 16.0.0
NPM: libp2p: CPU DoS via oversized IHAVE and IWANT control message arrays
7.5
3 days ago
morgan>= 1.2.0, <= 1.10.1
NPM: morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
5.3
3 days ago
WP Google Maps Pro<= 10.1.02
Cross Site Scripting (XSS) vulnerability
7.1
3 days ago