The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total35,843

MitigationsMitigation rules13,230

No official fix10,089

In triage1,513

Published soon58

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Converter for Media<= 6.3.2 Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint vulnerability	4.3	6 minutes ago
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent<= 4.0.7 Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability	5.3	12 minutes ago
WP Recipe Maker<= 10.2.3 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	24 minutes ago
Essential Addons for Elementor<= 6.5.3 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	26 minutes ago
Essential Blocks for Gutenberg<= 5.7.2 Missing Authorization To Authenticated (Author+) Information Disclosure vulnerability	4.3	32 minutes ago
WP to LinkedIn Auto Publish<= 1.9.8 Reflected Cross-Site Scripting via PostMessage vulnerability	7.1	5 hours ago
Social Media Auto Publish<= 3.6.5 Reflected Cross-Site Scripting via PostMessage vulnerability	7.1	5 hours ago
WP3D Model Import Viewer<= 1.0.7 Authenticated (Contributor+) Arbitrary File Upload vulnerability	9.9	5 hours ago
Filter & Grids<= 3.2.0 Unauthenticated SQL Injection vulnerability	9.3	5 hours ago
Export WP Page to Static HTML/CSS<= 4.3.4 Unauthenticated Cookie Exposure via Log File vulnerability	9.8	5 hours ago
Postem Ipsum<= 3.0.1 Missing Authorization to Authenticated (Subscriber+) Privilege Escalation in postem_ipsum_generate_users vulnerability	8.8	5 hours ago
افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce<= 1.3.5 Unauthenticated Time-Based Blind SQL Injection vulnerability	9.3	5 hours ago
wpForo Forum<= 2.4.12 Unauthenticated SQL Injection vulnerability	9.3	5 hours ago
URL Shortener<= 3.0.7 Unauthenticated SQL Injection vulnerability	9.3	5 hours ago
WP Directory Kit<= 1.4.7 Unauthenticated SQL Injection vulnerability	9.3	5 hours ago
Doubly - Cross Domain Copy Paste for WordPress<= 1.0.46 Authenticated (Subscriber+) PHP Object Injection via ZIP File Import vulnerability	8.8	5 hours ago
JAY Login & Register<= 2.4.01 Authentication Bypass via Cookie vulnerability	9.8	5 hours ago
Login Lockdown<= 2.14 IP Block Bypass vulnerability	5.3	9 hours ago
WPS Visitor Counter<= 1.4.8 Reflected XSS vulnerability	7.1	10 hours ago
HelloLeads CRM Form Shortcode<= 1.0 Unauthenticated Settings Reset vulnerability	6.5	10 hours ago