The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total36,755

MitigationsMitigation rules13,547

No official fix10,538

In triage1,101

Published soon20

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
WP RSS Aggregator<= 5.0.10 WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.10 - Reflected Cross-Site Scripting via className vulnerability	7.1	1 hour ago
Awesome Support<= 6.3.6 WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability	6.5	2 hours ago
Supreme Modules Lite<= 2.5.62 Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass vulnerability	9.1	2 hours ago
AffiliateX1.0.0-1.3.9.3 Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting	6.5	2 hours ago
Restrict Content<= 3.2.16 WordPress Membership Plugin - Restrict Content plugin <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure vulnerability	7.5	2 hours ago
Cost Calculator Builder<= 3.6.9 Missing Authorization to Unauthenticated Payment Status Bypass vulnerability	5.3	9 hours ago
User Submitted Posts<= 20260110 Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode vulnerability	6.5	9 hours ago
LEAV Last Email Address Validator<= 1.7.1 Cross-Site Request Forgery to Plugin Settings Update vulnerability	4.3	9 hours ago
Related Posts by Taxonomy<= 2.7.6 Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode vulnerability	6.5	9 hours ago
DK PDF – WordPress PDF Generator<= 2.3.0 WordPress DK PDF - WordPress PDF Generator plugin <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery vulnerability	5	9 hours ago
Rede Itaú for WooCommerce<= 5.1.2 Missing Authorization to Unauthenticated Rede Order Logs Deletion vulnerability	5.3	10 hours ago
Rede Itaú for WooCommerce<= 5.1.2 WordPress Rede Itaú for WooCommerce - Payment PIX, Credit Card and Debit plugin <= 5.1.2 - Unauthenticated Order Status Manipulation vulnerability	5.3	10 hours ago
All In One SEO Pack<= 4.9.2 WordPress All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure vulnerability	4.3	10 hours ago
Booking Calendar<= 10.14.11 Missing Authorization to Sensitive Information Exposure vulnerability	4.3	10 hours ago
Shield Security<= 21.0.9 Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator vulnerability	4.3	10 hours ago
Kalium<= 3.29 Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request vulnerability	5.3	10 hours ago
WP-Members<= 3.5.4.3 Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability	6.5	1 day ago
Simply Schedule Appointments<= 1.6.9.9 Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability	9.3	1 day ago
Drag and Drop Multiple File Upload – Contact Form 7<= 1.3.9.2 Missing Authorization to Unauthenticated File Deletion vulnerability	3.7	1 day ago
List Site Contributors<= 1.1.8 Reflected Cross-Site Scripting via alpha vulnerability	7.1	1 day ago