ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugin, theme and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on a daily basis.

Vulnerabilities

| Product | Title | Disclosure Date |
| --- | --- | --- |
| Contact Form Clean and Simple | WordPress Contact Form Clean and Simple plugin <= 4.7.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | 2020-01-22 |
| Ultimate Member | WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability | 2020-01-22 |
| Ultimate Auction | WordPress Ultimate Auction plugin <= 4.0.5 - Multiple CSRF & XSS vulnerabilities | 2020-01-09 |
| InfiniteWP Client | WordPress InfiniteWP Client plugin <= 1.9.4.4 - Authentication Bypass vulnerability | 2020-01-08 |
| Minimal Coming Soon & Maintenance Mode – Coming Soon Page | WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.10 - CSRF to Stored XSS and Setting Changes vulnerability | 2020-01-08 |
| Backup and Staging by WP Time Capsule | WordPress Backup and Staging by WP Time Capsule plugin <= 1.21.15 - Authentication Bypass vulnerability | 2020-01-08 |
| Ultimate FAQ | WordPress Ultimate FAQ plugin <= 1.8.29 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability | 2020-01-07 |
| Postie | WordPress Postie plugin <= 1.9.40 - Stored Cross-Site Scripting (XSS) and post submission spoofing vulnerabilities | 2020-01-06 |
| Import users from CSV with meta | WordPress Import Users From CSV with Meta plugin 1.15 - Unauthorised Authenticated Users Export vulnerability | 2020-01-06 |
| WordPress | WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass vulnerability | 2020-01-06 |
| Divi | WordPress Divi premium theme <= 4.0.9 - Authenticated Code Injection | 2020-01-05 |
| Extra | WordPress Extra premium theme <= 4.0.9 - Authenticated Code Injection vulnerability | 2020-01-05 |
| Divi Builder | WordPress Divi Builder plugin <= 4.0.9 - Authenticated Code Injection vulnerability | 2020-01-05 |
| WooCommerce Conversion Tracking | WordPress WooCommerce Conversion Tracking plugin <= 2.0.4 - Cross-Site Request Forgery (CSRF) to XSS vulnerability | 2020-01-05 |
| Photo Gallery – Image Gallery by Ape | WordPress Photo Gallery – Image Gallery by Ape plugin <= 2.0.6 - Authenticated Arbitrary plugin deactivation | 2020-01-02 |
| Donorbox | WordPress Donorbox plugin 7.1-7.1.1 - Stored Cross-Site Scripting (XSS) via plugin shortcode | 2020-01-02 |
| GDPR Cookie Compliance | WordPress GDPR Cookie Compliance plugin <= 4.0.2 - Authenticated Settings Reset vulnerability | 2019-12-27 |
| bbPress Login Register Links On Forum Topic Pages | WordPress bbPress Login Register Links On Forum Topic Pages plugin <= 2.7.5 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) vulnerability | 2019-12-27 |
| bbPress Members Only | WordPress bbPress Members Only plugin <= 1.2.1 - Cross-Site Request Forgery (CSRF) vulnerability | 2019-12-27 |
| Featured Image from URL | WordPress Featured Image from URL plugin <= 2.7.7 - Missing Access Controls on REST routes vulnerability | 2019-12-27 |