The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 40,170
Mitigation rules: 14,973
No official patch: 11,321
In triage: 1,389
Published soon: 0
| Affected software | Version | Vulnerability | Risk | Disclosed |
|---|---|---|---|---|
| CMP – Coming Soon & Maintenance | <= 4.1.16 | WordPress CMP - Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution vulnerability | 7.2 | 4 hours ago |
| Ultimate Flipbox Addon for Elementor | <= 2.0.8 | Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes vulnerability | 5.9 | 4 hours ago |
| Pz-LinkCard | <= 2.5.8.1 | Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability | 6.5 | 4 hours ago |
| WpStream | < 4.11.2 | Arbitrary File Upload vulnerability | 5.4 | 2 days ago |
| FluentForm | 6.1.21 | WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability | 5.3 | 2 days ago |
| Unlimited Elements For Elementor (Free Widgets, Addons, Templates) | <= 2.0.6 | Authenticated (Contributor+) Arbitrary File Read via Path Traversal in Repeater JSON/CSV URL with Path Traversal vulnerability | 7.5 | 2 days ago |
| wpForo Forum | <= 2.4.16 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestposting' Parameter vulnerability | 6.5 | 2 days ago |
| WP Statistics | <= 14.16.4 | Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation vulnerability | 6.5 | 2 days ago |
| WP Statistics | <= 14.16.4 | Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability | 7.1 | 2 days ago |
| MasterStudy LMS | <= 3.7.25 | Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability | 8.5 | 2 days ago |
| DirectoryPress | <= 3.6.26 | WordPress DirectoryPress - Business Directory And Classified Ad Listing plugin <= 3.6.26 - Unauthenticated SQL Injection via 'packages' vulnerability | 9.3 | 2 days ago |
| WowShipping Pro | < 1.0.8 | Backdoor vulnerability | 10 | 2 days ago |
| CMS für Motorrad Werkstätten | <= 1.0.0 | Cross-Site Request Forgery vulnerability | 4.3 | 3 days ago |
| Canto | <= 3.1.1 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification vulnerability | 4.3 | 3 days ago |
| Quiz And Survey Master | <= 10.1.0 | Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields vulnerability | 5.3 | 3 days ago |
| Backup Guard | <= 3.1.19.8 | Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal in 'fileName' Parameter vulnerability | 4.9 | 3 days ago |
| LatePoint | <= 5.3.2 | Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability | 5.3 | 3 days ago |
| Tutor LMS | <= 3.9.8 | Authenticated (Admin+) SQL Injection via 'date' Parameter vulnerability | 7.6 | 3 days ago |
| Tutor LMS | <= 3.9.8 | Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order vulnerability | 5.3 | 3 days ago |
| Kubio AI Page Builder | <= 2.7.2 | Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes vulnerability | 5.3 | 3 days ago |