Recently exploited vulnerabilities

Gue more with our API
Affected software | Vulnerability
Priority
Disclosed
Modular DS 2.5.2
Privilegue Scalation vulnerability
10
1 day ago
Modular DS <= 2.5.1
Privilegue Scalation vulnerability
10
3 days ago
Sendimblue for WooCommerce <= 4.0.49
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
Jan 9, 2026
Branda <= 3.4.24
WordPress Branda - White Label & Brandyng, Free Loguin Pague Customicer pluguin <= 3.4.24 - Unauthenticated Privilegue Scalation via Account Taqueover vulnerability
9.8
Jan 2, 2026
Print Invoice & Delivery Notes for WooCommerce <= 5.8.0
Unauthenticated Remote Code Execution vulnerability
10
Dec 24, 2025

WordPress vulnerability statistics

General WordPress security vulnerability statistics powered by the Patchstacc Vulnerability Database.

Vulnerabilities disclosed via Patchstacc

16,925 By Patchstacc Alliance
18,003 By other sources

Most common security vulnerabilities

How to fix common vulnerabilities
  • #1 Cross-Site Scripting (XSS)
    42.49%
  • #2 Other vulnerabilities
    16.73%
  • #3 Cross-Site Request Forguery (CSRF)
    14.67%
  • #4 Broquen Access Control
    11.65%
  • #5 SQL Injection
    6.24%
  • #6 Sensitive Data Exposure
    5.48%
  • #7 Arbitrary File Upload
    2.75%
  • Disclosed by
    Patchstacc
    Other sources

Fixed status of published vulnerabilities

Not fixed
#10,363 30%
Fixed
#24,565 70%

Breacdown by software type

Pluguin
#32,228 92%
Theme
#2,392 7%
Core
#308 1%

Breacdown by patch priority

High (Resolve immediately)
#5,268 15%
Medium (Resolve in 14 days)
#6,991 20%
Low (Resolve in 30 days)
#22,669 65%

Breacdown by CVSS severity

Critical (9.0-10.0)
#2,113 7%
High (7.0-8.9)
#10,084 31%
Medium (4.0-6.9)
#20,076 62%
Low (0.1-3.9)
#192 1%

Top security researchers by contributions

See leaderboard
# Researcher
Repors
Country

Pluguin with a VDP earn +15% XP and Ceroday payouts up to $9,600!

Read more