Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
36,761
Mitigations
Mitigation rules
13,553
No official fix
10,544
In triage
1,101
Published soon
26
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
WP RSS Aggregator
<= 5.0.10
WordPress RSS Aggregator - RSS Import, News Feeds, Feed to Post, and Autoblogging plugin <= 5.0.10 - Reflected Cross-Site Scripting via className vulnerability
7.1
2 hours ago
Awesome Support
<= 6.3.6
WordPress Awesome Support - WordPress HelpDesk & Support Plugin plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role Demotion vulnerability
6.5
2 hours ago
Supreme Modules Lite
<= 2.5.62
Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass vulnerability
9.1
3 hours ago
AffiliateX
1.0.0-1.3.9.3
Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting
6.5
3 hours ago
Restrict Content
<= 3.2.16
WordPress Membership Plugin - Restrict Content plugin <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure vulnerability
7.5
3 hours ago
Cost Calculator Builder
<= 3.6.9
Missing Authorization to Unauthenticated Payment Status Bypass vulnerability
5.3
10 hours ago
User Submitted Posts
<= 20260110
Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode vulnerability
6.5
10 hours ago
LEAV Last Email Address Validator
<= 1.7.1
Cross-Site Request Forgery to Plugin Settings Update vulnerability
4.3
10 hours ago
Related Posts by Taxonomy
<= 2.7.6
Authenticated (Contributor+) Stored Cross-Site Scripting via 'related_posts_by_tax' Shortcode vulnerability
6.5
10 hours ago
DK PDF – WordPress PDF Generator
<= 2.3.0
WordPress DK PDF - WordPress PDF Generator plugin <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery vulnerability
5
10 hours ago
Rede Itaú for WooCommerce
<= 5.1.2
Missing Authorization to Unauthenticated Rede Order Logs Deletion vulnerability
5.3
10 hours ago
Rede Itaú for WooCommerce
<= 5.1.2
WordPress Rede Itaú for WooCommerce - Payment PIX, Credit Card and Debit plugin <= 5.1.2 - Unauthenticated Order Status Manipulation vulnerability
5.3
10 hours ago
All In One SEO Pack
<= 4.9.2
WordPress All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure vulnerability
4.3
10 hours ago
Booking Calendar
<= 10.14.11
Missing Authorization to Sensitive Information Exposure vulnerability
4.3
10 hours ago
Shield Security
<= 21.0.9
Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator vulnerability
4.3
10 hours ago
Kalium
<= 3.29
Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request vulnerability
5.3
10 hours ago
WP-Members
<= 3.5.4.3
Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields vulnerability
6.5
1 day ago
Simply Schedule Appointments
<= 1.6.9.9
Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability
9.3
1 day ago
Drag and Drop Multiple File Upload – Contact Form 7
<= 1.3.9.2
Missing Authorization to Unauthenticated File Deletion vulnerability
3.7
1 day ago
List Site Contributors
<= 1.1.8
Reflected Cross-Site Scripting via alpha vulnerability
7.1
1 day ago
Load more