The leading open source vulnerability database

Patchstack finds & mitigates vulnerabilities in websites. Connect your sites for FREE to see if they are exposed to any vulnerabilities.

See pricing

Rated 4.6

Total35,660

Mitigation rules13,192

No official fix10,001

In triage1,558

Published soon50

WordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Magical Posts Display<= 1.2.54 Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget vulnerability	5.9	2 hours ago
Simple Bike Rental<= 1.0.6 Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data Exposure vulnerability	5.3	2 hours ago
Events Manager<= 7.2.2.2 Cross-Site Request Forgery to Location Deletion vulnerability	4.3	2 hours ago
Events Manager<= 7.2.2.2 Unauthenticated Information Exposure vulnerability	5.3	2 hours ago
AI Feeds<= 1.0.22 Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode vulnerability	6.5	2 hours ago
Secure Copy Content Protection and Content Locking<= 4.9.2 Cross-Site Request Forgery to Data Export vulnerability	4.3	2 hours ago
Secure Copy Content Protection and Content Locking<= 4.9.2 Unauthenticated Sensitive Information Exposure via Exposed CSV Export File vulnerability	5.3	2 hours ago
Email Subscribers & Newsletters<= 5.9.10 Missing Authentication to Unauthenticated Action Scheduler Task Execution vulnerability	5.3	2 hours ago
PDF for Contact Form 7<= 6.3.3 Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability	5.3	2 hours ago
MailerLite – Signup forms<= 1.7.16 Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability	5.9	2 hours ago
WP Recipe Maker<= 10.2.2 Insecure Direct Object Reference to Sensitive Information Exposure vulnerability	4.3	2 hours ago
WP Fastest Cache <= 1.7.4 Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability	3.5	2 hours ago
BSK PDF Manager<= 3.7.1 Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload vulnerability	5.9	2 hours ago
Mailgun Subscriptions<= 1.3.1 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	3 hours ago
Guest Support<= 1.2.3 Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint vulnerability	5.3	3 hours ago
Hippoo Mobile App for WooCommerce<= 1.7.1 Missing Authorization to Unauthenticated Limited File Write vulnerability	5.3	3 hours ago
Ultimate Addons for Contact Form 7<= 3.5.33 Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF vulnerability	4.3	3 hours ago
Donation<= 1.0 Authenticated (Admin+) SQL Injection vulnerability	7.6	3 hours ago
Contact Form 7 with ChatWork<= 1.1.0 Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings vulnerability	5.9	3 hours ago
Resource Library for Logged In Users<= 1.4 Cross-Site Request Forgery to Multiple Administrative Actions vulnerability	4.3	3 hours ago