Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
37,955
Mitigations
Mitigation rules
13,856
No official fix
10,813
In triage
1,203
Published soon
13
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Persian Woocommerce SMS
<= 7.0.5
Reflected Cross-Site Scripting vulnerability
7.1
5 minutes ago
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto
<= 8.0.11
Unauthentiated Stored Cross-Site Scripting via Form File Upload vulnerability
7.2
7 minutes ago
ForumWP
<= 2.1.2
WordPress ForumWP - Forum & Discussion Board plugin <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter vulnerability
7.1
1 hour ago
WooCommerce PDF Invoice Builder
<= 1.2.136
Reflected Cross-Site Scripting vulnerability
7.1
1 hour ago
Schema App Structured Data
<= 2.2.4
Reflected Cross-Site Scripting vulnerability
7.1
1 hour ago
Ebook Store
<= 5.8001
Reflected Cross-Site Scripting vulnerability
7.1
2 hours ago
Infility Global
<= 2.14.46
Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass vulnerability
9.3
3 hours ago
SEO Flow by LupsOnline
<= 2.2.1
Unauthenticated Arbitrary Post/Category Modification vulnerability
7.5
3 hours ago
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce
<= 1.1.1
Missing Authorization to Unauthenticated Arbitrary plugin Installation/Activation vulnerability
9.8
3 hours ago
WebinarPress
<= 1.33.24
WordPress WordPress Webinar Plugin - WebinarPress plugin <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates vulnerability
8.8
3 hours ago
WooCommerce Support Ticket System
<= 17.7
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
8.8
3 hours ago
WP JobHunt
<= 7.1
Unauthenticated Privilege Escalation via Email Update/Account Takeover vulnerability
9.8
3 hours ago
SportsPress – Sports Club & League Manager
<= 2.7.26
Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
8.8
10 hours ago
Code Explorer
<= 1.4.6
Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter vulnerability
4.9
11 hours ago
Fortis for WooCommerce
<= 1.2.0
Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint vulnerability
5.3
11 hours ago
All push notification for WP
<= 1.5.3
Authenticated (Administrator+) SQL Injection via 'delete_id' Parameter vulnerability
7.6
11 hours ago
WP Content Permission
<= 1.2
Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter vulnerability
5.9
11 hours ago
Magic Import Document Extractor
<= 1.0.4
Unauthenticated Sensitive Information Exposure vulnerability
5.3
11 hours ago
Chapa Payment Gateway Plugin for WooCommerce
<= 1.0.3
Unauthenticated Sensitive Information Exposure vulnerability
5.3
11 hours ago
Magic Import Document Extractor
<= 1.0.4
Missing Authorization to Unauthenticated Plugin License Status Modification vulnerability
5.3
11 hours ago
Load more