The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
Total: 40,001
Mitigations
Mitigation rules: 14,880
No official patch: 11,332
In triage: 1,412
Published soon: 0
| Affected software | Vulnerability | Risk | Disclosed |
|---|---|---|---|
| LifterLMS <= 9.2.1 | Authenticated (Custom+) SQL Injection via 'order' Parameter vulnerability | 6.5 | 21 minutes ago |
| UsersWP <= 1.2.58 | Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter vulnerability | 5 | 22 minutes ago |
| BlockArt Blocks <= 2.2.15 | Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute vulnerability | 5.9 | 24 minutes ago |
| Tutor LMS <= 3.9.7 | Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification vulnerability | 4.3 | 30 minutes ago |
| Greenshift <= 12.8.9 | Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute vulnerability | 6.5 | 35 minutes ago |
| Tutor LMS <= 3.9.7 | Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment vulnerability | 5.4 | 36 minutes ago |
| YITH WooCommerce Wishlist < 4.13.0 | Unauthenticated Arbitrary Wishlist Renaming via IDOR vulnerability | 5.3 | 38 minutes ago |
| Tutor LMS <= 3.9.7 | Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter vulnerability | 7.5 | 2 days ago |
| Perfmatters <= 2.5.9 | Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter vulnerability | 8.1 | 2 days ago |
| MW WP Form <= 5.1.1 | Unauthenticated Arbitrary File Move via regenerate_upload_file_keys vulnerability | 8.1 | 2 days ago |
| User Registration <= 5.1.2 | Authenticated (Subscriber+) SQL Injection via membership_ids[] vulnerability | 8.5 | 2 days ago |
| Advanced Members for ACF <= 1.2.5 | Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal vulnerability | 8.8 | 2 days ago |
| Quick Playground <= 1.3.1 | Missing Authorization to Unauthenticated Arbitrary File Upload vulnerability | 10 | 2 days ago |
| ProSolution WP Client <= 1.9.9 | Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess vulnerability | 10 | 2 days ago |
| AddFunc Head & Footer Code <= 2.3 | Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability | 6.5 | 2 days ago |
| Aruba HiSpeed Cache <= 3.0.4 | Cross-Site Request Forgery to Plugin Settings Reset vulnerability | 4.3 | 2 days ago |
| UsersWP <= 1.2.58 | Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter vulnerability | 4.3 | 2 days ago |
| Download Manager <= 3.3.51 | Missing Authorization to Authenticated (Contributor+) Media File Protection Removal vulnerability | 4.3 | 2 days ago |
| WP-Optimize <= 4.5.0 | Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation vulnerability | 5.4 | 2 days ago |
| Bookly <= 27.0 | WordPress Online Scheduling and Appointment Booking System - Bookly plugin <= 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability | 5.3 | 3 days ago |