The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 39,968
Mitigations
Mitigation rules: 14,874
No official patch: 11,332
In triage: 1,400
Published soon: 40
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Magazine Companion <= 1.3.0 | Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute vulnerability | 5.9 | 53 minutes ago |
| Extensions for Leaflet Map <= 4.14 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode vulnerability | 6.5 | 54 minutes ago |
| Advanced Contact form 7 DB <= 2.0.9 | Cross-Site Request Forgery to Form Entry Deletion vulnerability | 4.3 | 1 hour ago |
| Advanced Contact form 7 DB <= 2.0.9 | Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export vulnerability | 4.3 | 1 hour ago |
| PageLayer <= 2.0.8 | Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes vulnerability | 6.5 | 1 hour ago |
| BEAR <= 1.1.5 | WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion vulnerability | 4.3 | 1 hour ago |
| BEAR <= 1.1.5 | WordPress BEAR - Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin <= 1.1.5 - Cross-Site Request Forgery to Product Data Modification vulnerability | 4.3 | 1 hour ago |
| Beaver Builder <= 2.10.1.1 | WordPress Beaver Builder Page Builder - Drag and Drop Website Builder plugin <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]' vulnerability | 5.9 | 4 hours ago |
| Robo Gallery <= 5.1.3 | Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting vulnerability | 5.9 | 4 hours ago |
| PrivateContent Free <= 1.2.0 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' Shortcode Attribute vulnerability | 6.5 | 4 hours ago |
| pdfl.io <= 1.0.5 | Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute vulnerability | 6.5 | 4 hours ago |
| Blog2Social <= 8.8.3 | Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter vulnerability | 4.3 | 1 day ago |
| Awesome Support <= 6.3.7 | Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter vulnerability | 5.3 | 1 day ago |
| Masteriyo - LMS <= 2.1.7 | Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint vulnerability | 5.3 | 1 day ago |
| WP Blockade <= 0.9.14 | Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter vulnerability | 6.5 | 1 day ago |
| Pinterest Site Verification plugin using Meta Tag <= 1.8 | Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var' vulnerability | 6.5 | 1 day ago |
| Gravity Forms <= 2.9.30 | Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field vulnerability | 7.1 | 1 day ago |
| Gravity Forms <= 2.9.30 | Reflected Cross-Site Scripting via 'form_ids' Parameter vulnerability | 7.1 | 1 day ago |
| Popup box < 5.5.0 | Admin+ Stored Cross-Site Scripting (XSS) via CSRF vulnerability | 7.1 | 1 day ago |
| Attendance Manager <= 0.6.2 | Authenticated (Subscriber+) SQL Injection via 'attmgr_off' Parameter vulnerability | 8.5 | 1 day ago |