The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 39,989
Mitigations
Mitigation rules: 14,880
No official patch: 11,331
In triage: 1,407
Published soon: 6
| Affected software | Vulnerability | Risk | Disclosed |
|---|---|---|---|
| Tutor LMS <= 3.9.7 | Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter vulnerability | 7.5 | 22 minutes ago |
| Perfmatters <= 2.5.9 | Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter vulnerability | 8.1 | 24 minutes ago |
| MW WP Form <= 5.1.1 | Unauthenticated Arbitrary File Move via regenerate_upload_file_keys vulnerability | 8.1 | 2 hours ago |
| User Registration <= 5.1.2 | Authenticated (Subscriber+) SQL Injection via membership_ids[] vulnerability | 8.5 | 3 hours ago |
| Advanced Members for ACF <= 1.2.5 | Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal vulnerability | 8.8 | 3 hours ago |
| Quick Playground <= 1.3.1 | Missing Authorization to Unauthenticated Arbitrary File Upload vulnerability | 10 | 3 hours ago |
| ProSolution WP Client <= 1.9.9 | Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess vulnerability | 10 | 3 hours ago |
| AddFunc Head & Footer Code <= 2.3 | Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability | 6.5 | 12 hours ago |
| Aruba HiSpeed Cache <= 3.0.4 | Cross-Site Request Forgery to Plugin Settings Reset vulnerability | 4.3 | 12 hours ago |
| UsersWP <= 1.2.58 | Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter vulnerability | 4.3 | 12 hours ago |
| Download Manager <= 3.3.51 | Missing Authorization to Authenticated (Contributor+) Media File Protection Removal vulnerability | 4.3 | 12 hours ago |
| WP-Optimize <= 4.5.0 | Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation vulnerability | 5.4 | 12 hours ago |
| Bookly <= 27.0 | WordPress Online Scheduling and Appointment Booking System - Bookly plugin <= 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability | 5.3 | 12 hours ago |
| List category posts <= 0.94.0 | Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Shortcode vulnerability | 6.5 | 12 hours ago |
| Ultimate FAQ <= 2.4.7 | Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content vulnerability | 5.9 | 12 hours ago |
| OSM <= 6.1.15 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute vulnerability | 6.5 | 13 hours ago |
| MStore API <= 4.18.3 | Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update vulnerability | 4.3 | 13 hours ago |
| Experto Dashboard for WooCommerce <= 1.0.4 | Authenticated (Administrator+) Stored Cross-Site Scripting via 'Navigation Font Size' Setting vulnerability | 5.9 | 13 hours ago |
| Download Manager <= 3.3.52 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 13 hours ago |
| Ziggeo <= 3.1.1 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX Action vulnerability | 5.4 | 13 hours ago |