The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total48,076

MitigationsMitigation rules15,582

No official patch12,952

In triage1,536

Published soon41

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Appointment Booking Calendar<= 1.4.01 Authenticated (Contributor+) Sensitive Information Exposure vulnerability	4.3	10 hours ago
PowerPress Podcasting<= 11.16.8 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	10 hours ago
UsersWP<= 1.2.63 Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset vulnerability	2.7	10 hours ago
Customize My Account for WooCommerce<= 4.3.6 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	11 hours ago
Tutor LMS<= 3.9.11 Authenticated (Administrator+) SQL Injection vulnerability	7.6	11 hours ago
Simple Membership<= 4.7.5 Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation vulnerability	5.3	11 hours ago
Services Section block<= 1.4.4 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	11 hours ago
PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin<= 2.3.0 Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification vulnerability	4.3	11 hours ago
Orbit Fox by ThemeIsle<= 3.0.6 Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability	5.9	11 hours ago
Advanced Order Export For WooCommerce<= 4.0.10 Authenticated (Shop Manager+) SQL Injection vulnerability	7.6	11 hours ago
Gutenberg Blocks by Kadence Blocks<= 3.7.5 Authenticated (Contributor+) Sensitive Information Exposure vulnerability	4.3	12 hours ago
Form Maker by 10Web<= 1.15.43 Authenticated (Adminsitrator+) SQL Injection vulnerability	8.5	12 hours ago
Form Maker by 10Web<= 1.15.43 Authenticated (Administrator+) SQL Injection vulnerability	7.6	12 hours ago
Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets<= 1.3.13.1 Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability	5.3	12 hours ago
Accessibility Checker by Equalize Digital<= 1.42.1 Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification vulnerability	4.3	12 hours ago
e2pdf<= 1.32.26 Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation vulnerability	8.8	13 hours ago
Dokan<= 5.0.3 Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification vulnerability	4.3	13 hours ago
Optimole<= 4.2.6 Cross-Site Request Forgery vulnerability	4.3	1 day ago
FireBox<= 3.1.7 Unauthenticated Sensitive Information Exposure in 'form_id' Parameter vulnerability	5.3	1 day ago
myCred<= 3.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	1 day ago