The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 36,389
Mitigations: 13,389
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Quiz And Survey Master <= 10.3.1 | Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads vulnerability | 6.5 | 11 hours ago |
| Xagio SEO <= 7.1.0.30 | Authenticated (Subscriber+) Server-Side Request Forgery vulnerability | 6.4 | 11 hours ago |
| Timetics <= 1.0.36 | Missing Authorization to Unauthenticated Booking Details View And Modification vulnerability | 6.5 | 12 hours ago |
| Simply Schedule Appointments <= 1.6.9.5 | Unauthenticated Sensitive Information Exposure vulnerability | 6.5 | 12 hours ago |
| CBX Bookmark & Favorite <= 2.0.4 | Authenticated (Subscriber+) SQL Injection via `orderby` Parameter vulnerability | 8.5 | 13 hours ago |
| ForumWP <= 2.1.6 | Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name vulnerability | 6.5 | 13 hours ago |
| FS Registration Password <= 1.0.1 | Unauthenticated Privilege Escalation via Account Takeover vulnerability | 9.8 | 14 hours ago |
| BuddyPress Xprofile Custom Field Types <= 1.2.8 | Authenticated (Subscriber+) Arbitrary File Deletion vulnerability | 7.7 | 14 hours ago |
| FastDup <= 2.7 | Authenticated (Contributor+) Path Traversal via 'dir_path' REST Parameter vulnerability | 6.5 | 14 hours ago |
| AS Password Field In Default Registration Form <= 2.0.0 | Unauthenticated Privilege Escalation via Account Takeover vulnerability | 9.8 | 14 hours ago |
| Download Manager <= 3.3.40 | Unauthenticated Limited Privilege Escalation via updatePassword vulnerability | 7.3 | 14 hours ago |
| Quiz And Survey Master <= 10.3.1 | Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion vulnerability | 5.4 | 22 hours ago |
| LearnPress <= 4.3.2 | Missing Authentication to Unauthenticated Course Modification vulnerability | 5.3 | 22 hours ago |
| MasterStudy LMS for Online Courses and Education plugin <= 3.7.6 | Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion vulnerability | 5.4 | 22 hours ago |
| TaxoPress <= 3.41.0 | Missing Authorization to Authenticated (Contributor+) Arbitrary Post Tag Modification vulnerability | 4.3 | 22 hours ago |
| Table Field Add-on for ACF and SCF <= 1.3.30 | Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content vulnerability | 5.9 | 22 hours ago |
| GamiPress <= 7.6.1 | Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability | 4.3 | 22 hours ago |
| Phlox <= 2.17.7 | Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute vulnerability | 6.5 | 22 hours ago |
| PopupKit <= 2.2.0 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data Deletion vulnerability | 5.3 | 23 hours ago |
| URL Image Importer <= 1.0.7 | Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability | 5.9 | 23 hours ago |