Pricing
Case studies
Login
Start trial
Recently exploited vulnerabilities
Get more with our API
Affected software | Vulnerability
Priority
Disclosed
Profile Builder
< 3.15.2
Unauthenticated Arbitrary Password Reset vulnerability
9.8
1 day ago
LA-Studio Element Kit for Elementor
<= 1.5.6.3
Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter vulnerability
9.8
Jan 21, 2026
Academy LMS
<= 3.5.0
Privilege Escalation vulnerability
9.8
Jan 21, 2026
Booking Activities
<= 1.16.44
Privilege Escalation vulnerability
8.1
Jan 20, 2026
Modular DS
2.5.2
Privilege Escalation vulnerability
10
Jan 16, 2026
WordPress vulnerability statistics
All time
General WordPress security vulnerability statistics powered by the Patchstack Vulnerability Database.
Vulnerabilities disclosed via Patchstack
17,201
By Patchstack Alliance
18,356
By other sources
Most common security vulnerabilities
How to fix common vulnerabilities
#1
Cross-Site Scripting (XSS)
42.37%
#2
Other vulnerabilities
16.71%
#3
Cross-Site Request Forgery (CSRF)
14.57%
#4
Broken Access Control
11.94%
#5
SQL Injection
6.25%
#6
Sensitive Data Exposure
5.44%
#7
Arbitrary File Upload
2.72%
Disclosed by
Patchstack
Other sources
Fixed status of published vulnerabilities
Not fixed
#10,578
30%
Fixed
#24,979
70%
Breakdown by software type
Plugin
#32,815
92%
Theme
#2,434
7%
Core
#308
1%
Breakdown by patch priority
High (Resolve immediately)
#5,380
15%
Medium (Resolve in 14 days)
#7,096
20%
Low (Resolve in 30 days)
#23,081
65%
Breakdown by CVSS severity
Critical (9.0-10.0)
#2,158
7%
High (7.0-8.9)
#10,249
31%
Medium (4.0-6.9)
#20,490
62%
Low (0.1-3.9)
#197
1%
Top security researchers by contributions
See leaderboard
# Researcher
Reports
Country
Plugins with a VDP earn +15%
XP and
Zeroday payouts up to $33,000!
Plugins with a VDP earn +15% XP and Zeroday payouts up to $33,000!
Read more
1