Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,024
Mitigations
Mitigation rules
13,905
No official fix
10,833
In triage
1,246
Published soon
35
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Mail Mint
<= 1.19.2
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
7.1
2 minutes ago
Mortgage Calculator Estatik
<= 2.0.11
Reflected Cross-Site Scripting vulnerability
7.1
9 minutes ago
Library Viewer
< 3.2.0
Reflected Cross-Site Scripting vulnerability
7.1
12 minutes ago
EventON-RSVP
< 2.9.5
Reflected XSS vulnerability
7.1
14 minutes ago
Meris
<= 1.1.2
Reflected XSS vulnerability
7.1
15 minutes ago
Essential Blocks for Gutenberg
< 4.4.3
Unauthenticated Local File Inclusion vulnerability
8.1
27 minutes ago
WP Duplicate
<= 1.1.8
Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability
9.8
30 minutes ago
Yoast SEO
<= 26.8
Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute vulnerability
6.5
6 hours ago
Events Listing Widget
<= 1.3.4
Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field vulnerability
5.9
6 hours ago
Code Snippets
<= 3.9.4
Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability
4.3
6 hours ago
Employee Directory
<= 1.2.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute vulnerability
6.5
6 hours ago
Docus
<= 1.0.6
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
6 hours ago
WaveSurfer-WP
<= 2.8.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability
6.5
6 hours ago
Orange Comfort+ accessibility toolbar for WordPress
<= 0.7
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
6 hours ago
OAuth Single Sign On – SSO (OAuth Client)
<= 6.26.14
WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 6.26.14 - Missing Authorization vulnerability
5.3
6 hours ago
Timeline Block
<= 1.3.3
Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute vulnerability
4.3
6 hours ago
Product Enquiry for WooCommerce
< 3.1
Admin+ Stored XSS vulnerability
5.9
8 hours ago
Ultimate Maps by Supsystic
< 1.2.16
Admin+ Stored XSS vulnerability
5.9
8 hours ago
WP Customer Area
< 8.2.1
Subscriber+ Account Address Update vulnerability
5.4
8 hours ago
Post SMTP
< 2.8.7
Admin+ SQL Injection vulnerability
7.6
8 hours ago
Load more
