ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Newspaper WordPress Newspaper theme <= 9.2.2 - Cross-Site Scripting (XSS) vulnerability 2019-02-14
WP Cost Estimation & Payment Forms Builder WordPress WP Cost Estimation plugin < 9.644 - Arbitrary File Upload and Delete vulnerability 2019-02-14
WP Cost Estimation & Payment Forms Builder WordPress WP Cost Estimation plugin < 9.660 - Upload Directory Traversal vulnerability 2019-02-14
Simple Social Media Share Buttons WordPress Simple Social Media Share Buttons plugin 2.0.4-2.0.21 - Authenticated Option Injection vulnerability 2019-02-12
Parallax Scroll WordPress Parallax Scroll plugin <= 2.0.1 - Cross-Site Scripting (XSS) vulnerability 2019-02-06
Forminator WordPress Forminator plugin <= 1.5.4 - Unauthenticated Persistent Cross-Site Scripting (XSS) vulnerability 2019-02-06
Forminator WordPress Forminator plugin <= 1.5.4 - Authenticated Blind SQL Injection (SQLi) vulnerability 2019-02-06
Yet Another Stars Rating WordPress Yet Another Stars Rating plugin <= 1.8.6 - PHP Object Injection vulnerability 2019-01-28
Health Check & Troubleshooting WordPress Health Check & Troubleshooting plugin <= 1.2.3 - Authenticated Path Traversal vulnerability 2019-01-28
Health Check & Troubleshooting WordPress Health Check & Troubleshooting plugin <= 1.2.3 - Authenticated Lack of Authorisation (privilege escalation) vulnerability 2019-01-28
Wise Chat WordPress Wise Chat plugin <= 2.6.3 - Reverse Tabnabbing vulnerability 2019-01-25
Social Network Tabs WordPress Social Network Tabs premium plugin <=1.7.1 - Social Media API Key Leakage vulnerability 2019-01-17
Easy Redirect Manager WordPress Easy Redirect Manager plugin 2.18.18 - Cross-Site Scripting (XSS) vulnerability 2019-01-15
Spam Byebye WordPress spam-byebye plugin <= 2.2.1 - Cross-Site Scripting (XSS) vulnerability 2019-01-14
User Registration WordPress User Registration plugin <= 1.5.5 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-01-14
MapSVG Lite WordPress MapSVG Lite plugin <= 3.2.3 - Cross-Site Request Forgery (CSRF) vulnerability 2019-01-08
JSmol2WP WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability 2019-01-08
JSmol2WP WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2019-01-08
Baggage Freight Shipping Australia WordPress Baggage Freight Shipping Australia plugin 0.1.0 - Unauthenticated Arbitrary File Upload vulnerability 2019-01-08
Google XML Sitemaps WordPress Google XML Sitemaps plugin <= 4.0.9 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-01-08