The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total38,799

MitigationsMitigation rules14,323

No official patch11,114

In triage1,236

Published soon71

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
WP User Frontend<= 4.2.8 Authenticated (Author+) Arbitrary File Upload vulnerability	8.8	1 day ago
Fluent Forms Pro Add On Pack<= 6.1.17 Missing Authorization to Unauthenticated Payment Status modification vulnerability	7.5	1 day ago
Listee<= 1.1.6 Unauthenticated Privilege Escalation vulnerability	9.8	1 day ago
PKT1 Centro de envios<= 1.2.1 Reflected Cross-Site Scripting vulnerability	7.1	1 day ago
Analytics Cat<= 1.1.2 Reflected Cross-Site Scripting vulnerability	7.1	1 day ago
MailArchiver<= 4.5.0 Authenticated (Admininistrator+) SQL Injection via 'logid' Parameter vulnerability	7.6	1 day ago
Japanized For WooCommerce<= 2.8.4 Missing Authorization to Unauthenticated Paidy Order Manipulation vulnerability	5.3	1 day ago
Electric Enquiries<= 1.1 Authenticated (Contributor+) Stored Cross-Site Scripting via 'button' Shortcode Attribute vulnerability	6.5	1 day ago
WP Accessibility<= 2.3.1 Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute vulnerability	6.5	1 day ago
Simple Download Monitor<= 4.0.5 Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field vulnerability	6.5	1 day ago
Xpro Elementor Addons<= 1.4.24 WordPress Xpro Addons - 140+ Widgets for Elementor plugin <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link vulnerability	6.5	1 day ago
Automotive Car Dealership Business<= 13.4 Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields vulnerability	6.5	1 day ago
WP Recipe Maker<= 10.3.2 Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter vulnerability	5.3	1 day ago
Midi<= 1.14 Local File Inclusion vulnerability	8.1	2 days ago
Verse<= 1.7.0 Local File Inclusion vulnerability	8.1	2 days ago
Little Birdies<= 1.3.16 Local File Inclusion vulnerability	8.1	2 days ago
UDesign<= 4.14.0 Reflected Cross Site Scripting (XSS) vulnerability	7.1	2 days ago
Filr<= 1.2.12 Arbitrary File Upload vulnerability	8.5	2 days ago
JetEngine<= 3.7.2 Remote Code Execution (RCE) vulnerability	8.5	2 days ago
Royal Elementor Addons<= 1.7.1049 Other Vulnerability Type vulnerability	8.2	2 days ago