ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WP Jobs WordPress Plugin WP Jobs <=1.4 - SQL Injection 2017-06-11
Event List WordPress Event List plugin <=0.7.8 - SQL Injection vulnerability 2017-06-04
WP-Testimonials WordPress WP-Testimonials plugin <=3.4.1 - SQL Injection vulnerability 2017-06-03
Tribulant Newsletters WordPress Tribulant Newsletters plugin <=4.6.4.2 - Cross-Site Scripting (XSS) vulnerabilities 2017-05-29
Tribulant Newsletters WordPress Tribulant Newsletters plugin <=4.6.4.2 - File Disclosure vulnerability 2017-05-29
Huge-IT Video Gallery WordPress Huge-IT Video Gallery plugin <=2.0.4 - SQL Injection vulnerability 2017-05-24
WordPress WordPress <=4.7.4 - Insufficient Redirect Validation vulnerability 2017-05-17
WordPress WordPress <=4.7.4 - Post Meta Data Values Improper Handling in XML-RPC API 2017-05-16
WordPress WordPress <=4.7.4 - Host Header Injection in Password Reset 2017-05-03
Ultimate Form Builder Lite Contact Form for WordPress – Ultimate Form Builder Lite plugin <= 1.3.2 - Authenticated Cross-Site Scripting (XSS) 2017-04-20
AccessPress Social Icons WordPress plugin AccessPress Social Icons <= 1.6.6 - Multiple SQL injection 2017-04-20
Membership Simplified WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download Vulnerability 2017-03-15
Apptha Slider Gallery WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection Vulnerability 2017-03-09
Apptha Slider Gallery WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download Vulnerability 2017-03-09
NewStatPress WordPress Plugin NewStatPress 1.2.4 - Persistent Cross-Site Scripting (XSS) vulnerability 2017-03-01
Mail Masta WordPress plugin Mail Masta 1.0 - Multiple SQL Injection vulnerabilities 2017-02-18
Corner Ad WordPress plugin Corner Ad <= 1.0.7 - Cross-Site Scripting vulnerability 2017-02-16
WP Mail WordPress plugin WP Mail <=1.1 - Reflected Cross Site Scripting (XSS) vulnerability 2017-02-10
Javo Spot WordPress Javo Spot Premium Theme <= 2.0.0 - Unauthenticated Directory Traversal 2017-02-10
Online Hotel Booking System Pro WordPress plugin Online Hotel Booking System Pro <= 1.0 - SQL Injection 2017-01-27