The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total39,057

MitigationsMitigation rules14,516

No official patch11,213

In triage1,531

Published soon28

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
RTMKit<= 1.6.8 Reflected Cross-Site Scripting via 'themebuilder' Parameter vulnerability	7.1	21 minutes ago
LatePoint<= 5.2.7 WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting vulnerability	7.1	24 minutes ago
Unlimited Elements For Elementor (Free Widgets, Addons, Templates)<= 2.0.5 Unauthenticated Stored Cross-Site Scripting via Form Entry Fields vulnerability	7.1	43 minutes ago
MetForm Pro<= 3.9.6 Unauthenticated Stored Cross-Site Scripting vulnerability	7.1	56 minutes ago
The Events Calendar<= 6.15.17 Authenticated (Author+) Arbitrary File Read via ajax_create_import vulnerability	7.5	1 hour ago
Simply Schedule Appointments<= 1.6.9.27 Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability	9.3	1 hour ago
JetBooking<= 4.0.3 Unauthenticated SQL Injection via 'check_in_date' Parameter vulnerability	9.3	2 hours ago
WP Maps<= 4.9.1 Unauthenticated SQL Injection via 'location_id' Parameter vulnerability	9.3	2 hours ago
Ally<= 4.0.3 WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability	9.3	2 hours ago
ProfilePress<= 4.16.11 Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration vulnerability	8.1	2 hours ago
Tutor LMS Pro<= 3.9.5 Authentication Bypass via Social Login vulnerability	9.8	2 hours ago
Happy Addons for Elementor<= 3.21.0 Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability	5.4	10 hours ago
Happy Addons for Elementor<= 3.21.0 Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions vulnerability	6.5	10 hours ago
Modular DS<= 2.5.1 Cross-Site Request Forgery via postConfirmOauth vulnerability	4.3	10 hours ago
Court Reservation< 1.10.9 Event Deletion via CSRF vulnerability	4.3	10 hours ago
Astra WordPress Theme<= 4.12.3 Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta vulnerability	6.5	10 hours ago
WP ULike<= 5.0.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability	6.5	11 hours ago
DearFlip<= 2.4.20 Authenticated (Author+) Stored Cross-Site Scripting via PDF Page Labels vulnerability	5.9	11 hours ago
NextScripts<= 4.4.6 Authenticated (Contributor+) Stored Cross-Site Scripting via 'nxs_fbembed' Shortcode vulnerability	6.5	12 hours ago
Booktics<= 1.0.16 Missing Authorization to Get Items via REST API endpoints vulnerability	5.3	12 hours ago