Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
39,057
Mitigations
Mitigation rules
14,517
No official patch
11,213
In triage
1,531
Published soon
28
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
MC4WP
<= 4.11.1
Missing Authorization to Unauthenticated Arbitrary Subscription Deletion vulnerability
6.5
11 minutes ago
RTMKit
<= 1.6.8
Reflected Cross-Site Scripting via 'themebuilder' Parameter vulnerability
7.1
32 minutes ago
LatePoint
<= 5.2.7
WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting vulnerability
7.1
35 minutes ago
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)
<= 2.0.5
Unauthenticated Stored Cross-Site Scripting via Form Entry Fields vulnerability
7.1
54 minutes ago
MetForm Pro
<= 3.9.6
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 hour ago
The Events Calendar
<= 6.15.17
Authenticated (Author+) Arbitrary File Read via ajax_create_import vulnerability
7.5
1 hour ago
Simply Schedule Appointments
<= 1.6.9.27
Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability
9.3
1 hour ago
JetBooking
<= 4.0.3
Unauthenticated SQL Injection via 'check_in_date' Parameter vulnerability
9.3
2 hours ago
WP Maps
<= 4.9.1
Unauthenticated SQL Injection via 'location_id' Parameter vulnerability
9.3
2 hours ago
Ally
<= 4.0.3
WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability
9.3
2 hours ago
ProfilePress
<= 4.16.11
Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration vulnerability
8.1
2 hours ago
Tutor LMS Pro
<= 3.9.5
Authentication Bypass via Social Login vulnerability
9.8
3 hours ago
Happy Addons for Elementor
<= 3.21.0
Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability
5.4
10 hours ago
Happy Addons for Elementor
<= 3.21.0
Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability
6.5
10 hours ago
Modular DS
<= 2.5.1
Cross-Site Request Forgery via postConfirmOauth vulnerability
4.3
10 hours ago
Court Reservation
< 1.10.9
Event Deletion via CSRF vulnerability
4.3
10 hours ago
Astra WordPress Theme
<= 4.12.3
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability
6.5
10 hours ago
WP ULike
<= 5.0.1
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability
6.5
11 hours ago
DearFlip
<= 2.4.20
Authenticated (Author+) Stored Cross-Site Scripting via PDF Page Labels vulnerability
5.9
11 hours ago
NextScripts
<= 4.4.6
Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode vulnerability
6.5
12 hours ago
Load more