The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total47,930

MitigationsMitigation rules15,490

No official patch12,987

In triage1,541

Published soon22

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Booking Package<= 1.7.16 Authenticated (Editor+) Privilege Escalation vulnerability	7.2	1 hour ago
Ad Inserter<= 2.8.15 Reflected Cross-Site Scripting vulnerability	7.1	1 hour ago
Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More<= 1.0.15 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 hour ago
All In One WP Security & Firewall<= 5.4.7 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	1 hour ago
Advanced Google reCAPTCHA<= 5.38 Authenticated (Subscriber+) Authentication Bypass vulnerability	8.8	1 hour ago
Hippoo Mobile App for WooCommerce<= 1.9.4 Unauthenticated Authentication Bypass to Administrator Account Takeover vulnerability	9.8	1 hour ago
WP User Manager<= 2.9.17 Unauthenticated Path Traversal to Local File Inclusion vulnerability	7.5	1 hour ago
6Storage Rentals<= 2.22.0 Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification vulnerability	7.5	2 hours ago
Advanced Google reCAPTCHA<= 5.38 Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability	8.8	2 hours ago
Events Calendar for GeoDirectory<= 2.3.28 Authenticated (Subscriber+) Privilege Escalation vulnerability	8.8	2 hours ago
Recover Exit For WooCommerce<= 1.0.3 Unauthenticated Local File Inclusion vulnerability	10	2 hours ago
WP User Frontend<= 4.3.2 Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation vulnerability	4.3	14 hours ago
Blocksy<= 2.1.41 Authenticated (Contributor+) PHP Object Injection vulnerability	8.8	15 hours ago
Unlimited Elementor Inner Sections By BoomDevs<= 1.3.3 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	15 hours ago
MailerPress<= 2.0.4 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	15 hours ago
kk blog card<= 1.3 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	20 hours ago
jQuery Hover Footnotes<= 1.4 Cross-Site Request Forgery to Plugin Settings Update vulnerability	4.3	20 hours ago
jQuery Hover Footnotes<= 1.4 Authenticated (Author+) Stored Cross-Site Scripting vulnerability	5.9	20 hours ago
TinyMCE shortcode Addon<= 1.0.0 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	20 hours ago
Global Body Mass Index Calculator<= 1.2 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	20 hours ago