The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total35,835

MitigationsMitigation rules13,230

No official fix10,089

In triage1,513

Published soon58

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
WP to LinkedIn Auto Publish<= 1.9.8 Reflected Cross-Site Scripting via PostMessage vulnerability	7.1	4 hours ago
Social Media Auto Publish<= 3.6.5 Reflected Cross-Site Scripting via PostMessage vulnerability	7.1	4 hours ago
WP3D Model Import Viewer<= 1.0.7 Authenticated (Contributor+) Arbitrary File Upload vulnerability	9.9	4 hours ago
Filter & Grids<= 3.2.0 Unauthenticated SQL Injection vulnerability	9.3	4 hours ago
Export WP Page to Static HTML/CSS<= 4.3.4 Unauthenticated Cookie Exposure via Log File vulnerability	9.8	4 hours ago
Postem Ipsum<= 3.0.1 Missing Authorization to Authenticated (Subscriber+) Privilege Escalation in postem_ipsum_generate_users vulnerability	8.8	4 hours ago
افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce<= 1.3.5 Unauthenticated Time-Based Blind SQL Injection vulnerability	9.3	4 hours ago
wpForo Forum<= 2.4.12 Unauthenticated SQL Injection vulnerability	9.3	4 hours ago
URL Shortener<= 3.0.7 Unauthenticated SQL Injection vulnerability	9.3	5 hours ago
WP Directory Kit<= 1.4.7 Unauthenticated SQL Injection vulnerability	9.3	5 hours ago
Doubly - Cross Domain Copy Paste for WordPress<= 1.0.46 Authenticated (Subscriber+) PHP Object Injection via ZIP File Import vulnerability	8.8	5 hours ago
JAY Login & Register<= 2.4.01 Authentication Bypass via Cookie vulnerability	9.8	5 hours ago
Login Lockdown<= 2.14 IP Block Bypass vulnerability	5.3	9 hours ago
WPS Visitor Counter<= 1.4.8 Reflected XSS vulnerability	7.1	10 hours ago
HelloLeads CRM Form Shortcode<= 1.0 Unauthenticated Settings Reset vulnerability	6.5	10 hours ago
MailerLite – WooCommerce integration<= 3.1.3 WordPress MailerLite - WooCommerce integration plugin <= 3.1.3 - Missing Authorization to Data Deletion vulnerability	6.5	10 hours ago
Fancy Product Designer<= 6.4.8 Unauthenticated Information Disclosure via 'url' Parameter vulnerability	5.9	10 hours ago
Fancy Product Designer<= 6.4.8 Unauthenticated Server-Side Request Forgery via Race Condition vulnerability	7.2	13 hours ago
LearnPress<= 4.3.1 Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social vulnerability	6.5	13 hours ago
Booking Calendar<= 10.14.8 Unauthenticated SQL Injection via dates_to_check vulnerability	9.3	13 hours ago