Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,004
Mitigations
Mitigation rules
13,899
No official fix
10,832
In triage
1,239
Published soon
37
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WP All Import
< 3.7.3
Admin+ Arbitrary File Upload to RCE vulnerability
9.1
6 minutes ago
Community by PeepSo
< 6.3.1.2
User Post Creation via CSRF vulnerability
4.3
10 minutes ago
Hubbub Lite
< 1.32.0
Admin+ Stored XSS vulnerability
5.9
24 minutes ago
Relevanssi Premium
< 2.25.0
Unauthenticated Private/Draft Post Disclosure vulnerability
5.3
42 minutes ago
Relevanssi
< 4.22.0
Unauthenticated Private/Draft Post Disclosure vulnerability
5.3
43 minutes ago
Greenshift
<= 12.5.7
WordPress GreenShift - Animation and Page Builder Blocks plugin <= 12.5.7 - Authenticated (Subscriber+) Information Disclosure of AI API Keys vulnerability
4.3
12 hours ago
Image Map Block – Gutenberg block to create image map with hyperlink
<= 1.0.2
Unauthenticated Server-Side Request Forgery via image-proxy Endpoint vulnerability
7.2
13 hours ago
Peter’s Date Countdown
<= 2.0.0
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
7.1
14 hours ago
ShortPixel Image Optimizer
<= 6.4.2
Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter vulnerability
4.9
14 hours ago
ELEX WordPress HelpDesk & Customer Ticketing System
<= 3.3.5
Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
5.3
22 hours ago
ProfileGrid
<= 5.9.7.2
Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification vulnerability
5.3
22 hours ago
ProfileGrid
<= 5.9.7.2
WordPress ProfileGrid - User Profiles, Groups and Communities plugin <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension vulnerability
4.3
22 hours ago
Robin image optimizer
<= 2.0.2
Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field vulnerability
5.9
22 hours ago
Dynamic Widget Content
<= 1.3.6
Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field vulnerability
6.5
22 hours ago
Essential Widgets
<= 3.0
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability
6.5
22 hours ago
PopupKit
<= 2.2.0
Unauthenticated SQL Injection via Multiple REST API Endpoints vulnerability
7.6
23 hours ago
UserPlus
<= 2.0
Missing Authorization via Multiple Functions vulnerability
6.3
1 day ago
Sell BTC – Cryptocurrency Selling Calculator
<= 1.5
WordPress Sell BTC - Cryptocurrency Selling Calculator plugin <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderform_data' AJAX Action vulnerability
7.1
1 day ago
School Management
<= 91.5.0
Authenticated (Student+) Arbitrary File Upload vulnerability
9.9
1 day ago
Booking Calendar and Notification
<= 4.0.3
Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_delete_posts Functions vulnerability
6.5
1 day ago
Load more
