The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

See pricing

Rated 4.9

Total36,602

MitigationsMitigation rules13,450

No official fix10,467

In triage840

Published soon45

StatsWordPress stats

CVSS0

Mitigation available

Exploited

Affected software \| Vulnerability	Risk	Disclosed
Menu Card<= 0.8.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	2 minutes ago
Entry Views<= 1.0.0 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	6.5	2 minutes ago
Curved Text<= 0.1 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	3 minutes ago
Header and Footer Scripts<= 2.2.2 Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	4 minutes ago
The Tooltip<= 1.0.2 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	5 minutes ago
WP Popup Magic<= 1.0.0 Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute vulnerability	6.5	6 minutes ago
Nearby Now Reviews<= 5.2 Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability	6.5	7 minutes ago
AMP for WP<= 1.1.10 Authenticated Stored Cross-Site Scripting via SVG File Upload vulnerability	5.9	9 minutes ago
Booking Calendar<= 10.14.10 Unauthenticated Sensitive Information Exposure vulnerability	5.3	10 minutes ago
Tutor LMS<= 3.9.3 WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification vulnerability	5.4	11 minutes ago
WP Table Builder<= 2.0.19 Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation vulnerability	5.4	12 minutes ago
Tutor LMS<= 3.9.3 WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass vulnerability	4.3	19 minutes ago
WP Google Street View<= 1.1.8 Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode vulnerability	6.5	26 minutes ago
Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimization (image SEO) + Woocommerce<= 2.2.1 WordPress BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	6.5	27 minutes ago
BetterDocs<= 4.3.3 Authenticated (Contributor+) Sensitive Information Exposure vulnerability	6.5	28 minutes ago
IndieWeb<= 4.0.5 Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter vulnerability	5.9	29 minutes ago
Forminator<= 1.49.1 Missing Authorization to Authenticated (Forminator User+) CSV Export vulnerability	5.3	32 minutes ago
Post Expirator<= 4.9.3 Missing Authorization to Authenticated (Contributor+) Workflow Manipulation vulnerability	5.4	35 minutes ago
Clearfy Cache<= 2.4.0 Cross-Site Request Forgery to Update Notification Tampering vulnerability	4.3	37 minutes ago
weDocs<= 2.1.15 Unauthenticated Sensitive Information Exposure vulnerability	5.3	37 minutes ago