The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,591

Mitigation rules13,192

No official fix9,959

In triage1,558

Published soon50

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Coding Blocks<= 1.1.0 Cross-Site Request Forgery to Settings Update vulnerability	4.3	5 minutes ago
Animated Pixel Marquee Creator<= 1.0.0 Cross-Site Request Forgery via 'marquee' Parameter vulnerability	4.3	43 minutes ago
Vimeo SimpleGallery<= 0.2 Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification vulnerability	5.4	45 minutes ago
Paypal Payment Shortcode<= 1.01 Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute vulnerability	6.5	46 minutes ago
BuddyTask<= 1.3.0 Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation vulnerability	5.4	47 minutes ago
App Landing Template Blocks for WPBakery (Visual Composer) Page Builder<= 2.0.2 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	51 minutes ago
Hide Email Address<= 0.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	53 minutes ago
Data Visualizer<= 1.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	53 minutes ago
Better Elementor Addons<= 1.5.4 Authenticated (Contributor+) Stored Cross-Site Scripting via Slider Widget vulnerability	6.5	56 minutes ago
Simple Nivo Slider<= 0.5.6 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	58 minutes ago
Reviews Sorted<= 2.4.2 Authenticated (Contributor+) Stored Cross-Site Scripting via 'space' Shortcode Attribute vulnerability	6.5	3 hours ago
SimplyConvert<= 1.0 Authenticated (Administrator+) Stored Cross-Site Scripting via 'simplyconvert_hash' Option vulnerability	5.9	3 hours ago
LT Unleashed<= 1.1.1 Authenticated (Contributor+) Local File Inclusion via 'template' Parameter vulnerability	7.5	3 hours ago
LJUsers<= 1.2.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute vulnerability	6.5	3 hours ago
WP Job Portal<= 2.4.0 Authenticated (Subscriber+) Arbitrary File Read vulnerability	6.5	10 hours ago
Elated Membership<= 1.2 Authentication Bypass via Social Login vulnerability	9.8	13 hours ago
WP CarDealer<= 1.2.16 Unauthenticated Privilege Escalation vulnerability	9.8	15 hours ago
Widgets for Google Reviews<= 13.2.1 Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode vulnerability	6.5	20 hours ago
List category posts<= 0.91.0 Authenticated (Contributor+) SQL Injection via Plugin's Shortcode vulnerability	8.5	20 hours ago
Feedzy<= 5.1.1 Unauthenticated Blind Server-Side Request Forgery vulnerability	5.4	20 hours ago