Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
36,807
Mitigations
Mitigation rules
13,575
No official fix
10,543
In triage
1,147
Published soon
11
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Viet contact
<= 1.3.2
Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters vulnerability
5.9
7 hours ago
WP Hello Bar
<= 1.02
Authenticated (Administrator+) Stored Cross-Site Scripting via 'digit_one' and 'digit_two' Parameters vulnerability
5.9
7 hours ago
weMail
<= 2.0.7
Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability
5.3
7 hours ago
LearnPress
<= 4.3.2.4
WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability
5.3
8 hours ago
Newsletter
<= 9.1.0
WordPress Newsletter - Send awesome emails from WordPress plugin <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription vulnerability
4.3
8 hours ago
PeachPay Payments
<= 1.119.8
WordPress PeachPay - Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification vulnerability
5.3
8 hours ago
Image Photo Gallery Final Tiles Grid
<= 3.6.9
Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management vulnerability
5.4
8 hours ago
Poll, Survey & Quiz Maker Plugin by Opinion Stage
< 19.6.25
Unauthenticated Cross-Site Scripting (XSS) vulnerability
7.1
19 hours ago
Demo Importer Plus
<= 2.0.9
Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload vulnerability
7.5
19 hours ago
Thim Blocks
<= 1.0.1
Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter vulnerability
6.5
21 hours ago
Wallet System for WooCommerce
<= 2.7.2
Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation vulnerability
6.5
21 hours ago
Quick Contact Form
<= 8.2.6
Unauthenticated Open Mail Relay vulnerability
5.8
22 hours ago
YouTube Feed Pro
<= 2.6.0
Unauthenticated Arbitrary File Read via Path Traversal vulnerability
7.5
22 hours ago
RegistrationMagic
<= 6.0.7.1
Privilege Escalation via admin_order vulnerability
9.8
23 hours ago
PAYGENT for WooCommerce
<= 2.4.6
Missing Authorization to Unauthenticated Payment Callback Manipulation vulnerability
5.3
3 days ago
Integrate Dynamics 365 CRM
<= 1.1.1
Authenticated (Administrator+) Stored Cross-Site Scripting via Field Mapping Configuration vulnerability
5.9
3 days ago
Advanced Ads
<= 2.0.15
WordPress Advanced Ads - Ad Manager & AdSense plugin <= 2.0.15 - Authenticated (Admin+) SQL Injection vulnerability
7.6
3 days ago
Spin Wheel
<= 2.1.0
Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter vulnerability
5.3
3 days ago
CM Email Registration Blacklist and Whitelist
<= 1.6.2
Authenticated (Administrator+) Stored Cross-Site Scripting via 'black_email' Parameter vulnerability
5.9
3 days ago
Team Section Block
<= 2.0.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Link vulnerability
6.5
3 days ago
Load more
