The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing
Rated 4.9
Total47,477
Mitigations15,273
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
WordPress<= 6.9.3
XML External Entity (XXE) vulnerability
6.5
10/03/2026
WordPress6.9-6.9.3
Broken Access Control in Notes vulnerability
4.3
10/03/2026
WordPress<= 6.9.1
Missing Authorization to Authenticated (Author+) Sensitive Information Disclosure vulnerability
4.3
10/03/2026
WordPress6.9-6.9.1
Server-Side Request Forgery (SSRF) vulnerability
5.4
10/03/2026
WordPress6.9-6.9.1
Cross-Site Scripting vulnerability
5.5
10/03/2026
WordPress6.9-6.9.1
Stored Cross-Site Scripting
5.9
10/03/2026
WordPress<= 6.8.2
(Author+) Cross Site Scripting (XSS) Vulnerability
5.9
22/09/2025
WordPress<= 6.8.2
(Contributor+) Sensitive Data Exposure Vulnerability
4.3
22/09/2025
WordPress< 6.5.5
Contributor+ Path Traversal (Windows Only) vulnerability
5
25/06/2024
WordPress< 6.5.5
Cross Site Scripting (XSS) via template-part vulnerability
6.5
25/06/2024
WordPress< 6.5.5
Contributor+ Stored Cross-Site Scripting via HTML API
6.5
25/06/2024
WordPress<= 6.5.0
Authenticated (Contributor+) Stored Cross-Site Scripting Via Avatar Block vulnerability
6.5
09/04/2024
WordPress<= 6.4.3
Sensitive Information Exposure via redirect_guess_404_permalink vulnerability
5.3
05/04/2024
WordPress< 6.4.3
Auth. (Admin+) PHP File Upload vulnerability
6.6
31/01/2024
WordPress< 6.3.2
Cache Poisoning Denial of Service vulnerability
5.3
13/10/2023
WordPress< 6.3.2
Contributor+ Stored XSS in Navigation Links Block vulnerability
6.5
13/10/2023
WordPress< 6.3.2
Contributor+ Comment Read on Private and Password Protected Post vulnerability
4.3
13/10/2023
WordPress< 6.3.2
Reflected Cross-Site Scripting via Application Password Requests
6.1
13/10/2023
WordPress< 6.3.2
Sensitive Information Exposure via User Search REST Endpoint
5.3
13/10/2023
WordPress6.3-6.3.1
Auth. (Contributor+) Cross-Site Scripting via Footnotes Block
6.4
13/10/2023