PatchWatch Logo PATCHWATCH
Resources Vulnerabilities DB
CVE Registry

WordPress Vulnerability Database

Real-time tracking of active vulnerabilities in the WordPress ecosystem. Search by plugin, theme, or CVE number to secure your installations.

4,826 Total CVEs Tracked
98.4% Patched Or Mitigated
14 Active 0-Days Under Watch
24/7 Real-time Feed Scanning

Recent Security Disclosures

Showing latest WordPress vulnerability reports and virtual patches

Plugin / Subject Vulnerability Type Severity Status / Remediation Actions
Elementor Website Builder Affected versions: <= 3.20.0
Stored Cross-Site Scripting (XSS) High (8.8)
Patched in v3.20.1 Virtual Patch Available
View Details
WooCommerce eCommerce Engine Affected versions: <= 8.6.1
Privilege Escalation Critical (9.8)
Patched in v8.6.2 Virtual Patch Available
View Details
Contact Form 7 Affected versions: <= 5.9.0
Reflected Cross-Site Scripting (XSS) Medium (6.4)
Patched in v5.9.1 Core Update Required
LiteSpeed Cache Affected versions: <= 6.0.9
Admin Privilege Bypass Critical (9.8)
Patched in v6.1.0 Virtual Patch Available
Astra WordPress Theme Affected versions: <= 4.6.0
Customizer Field Script Injection (XSS) Medium (6.1)
Patched in v4.6.1 Theme Update Required
Diagnostic Hardening

Are your plugins exposing your website to active exploits?

Install PatchWatch WordPress Plugin to automatically scan hashes, verify core file integrity, and enable instant virtual patching.

Run Diagnostics Scanner Read Integration Docs