ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WebP Express WordPress WebP Express plugin <= 0.14.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-06-26
Import users from CSV with meta WordPress Import users from CSV with meta plugin <= 1.14.1.3 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-26
WP Ultimate Recipe WordPress WP Ultimate Recipe plugin <= 3.12.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-06-26
Revamp CRM for WooCommerce WordPress Revamp CRM for WooCommerce plugin <= 1.0.3 - Local File Inclusion (LFI) vulnerability 2019-06-25
Custom 404 Pro WordPress Custom 404 Pro plugin <= 3.2.7 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-06-25
CP Contact Form with Paypal WordPress CP Contact Form with Paypal plugin <= 1.2.97 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-06-25
Deny All Firewall WordPress Deny All Firewall plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-25
WordPress SEO Plugin – Rank Math WordPress SEO By Rank Math plugin <= 1.0.27 - Authenticated Settings Reset vulnerability 2019-06-25
Sina Extension for Elementor WordPress Sina Extension For Elementor plugin <= 2.2.0 - Local File Inclusion (LFI) vulnerability 2019-06-25
ConvertPlus WordPress ConvertPlus plugin <= 3.4.4 - Multiple Security Issues and vulnerabilities 2019-06-25
Dropshix WordPress Dropshix plugin <= 4.0.11 - Arbitrary Product Import vulnerability 2019-06-25
Shortlinks by Pretty Links WordPress Shortlinks by Pretty Links plugin <= 2.1.9 - Stored Cross-Site Scripting (XSS) vulnerability 2019-06-25
Shortlinks by Pretty Links WordPress Shortlinks by Pretty Links plugin <= 2.1.9 - CSV injection vulnerability 2019-06-25
Facebook for WooCommerce WordPress Facebook for WooCommerce plugin <= 1.9.12 - Cross-Site Request Forgery (CSRF) vulnerability allowing Option Update 2019-06-25
Ninja Forms WordPress Ninja Forms plugin <= 3.3.21 - Cross-Site Scripting (XSS) vulnerability 2019-06-25
Easy pdf restaurant menu upload WordPress Easy Pdf Restaurant Menu Upload plugin <= 1.1.1 - Cross-Site Scripting (XSS) vulnerability 2019-06-25
GA Backend Tracking WordPress GA Backend Tracking plugin <= 1.2 - Cross-Site Scripting (XSS) vulnerability 2019-06-25
Ninja Forms WordPress Ninja Forms plugin <= 3.3.21 - SQL injection (SQLi) vulnerability 2019-06-25
Support Board WordPress Support Board premium plugin <= 1.2.8 - Stored Cross-Site Scripting (XSS) vulnerability 2019-06-25
IP Blocker Lite WordPress IP Address Blocker plugin <= 10.3 - Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability 2019-06-19