ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WordPress WordPress <= 5.0 - Authenticated File Delete vulnerability 2018-12-13
WordPress WordPress <= 5.0 - Authenticated Post Type Bypass vulnerability 2018-12-13
WordPress WordPress <= 5.0 - PHP Object Injection via Meta Data vulnerability 2018-12-13
WordPress WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-12-13
WordPress WordPress <= 5.0 - Cross-Site Scripting (XSS) vulnerability that could affect plugins 2018-12-13
WordPress WordPress <= 5.0 - User Activation Screen Search Engine Indexing 2018-12-13
WordPress WordPress <= 5.0 - File Upload to XSS on Apache Web Servers vulnerability 2018-12-13
Import users from CSV with meta WordPress Import users from CSV with meta plugin <= 1.12 - Cross-Site Scripting (XSS) vulnerability 2018-12-13
Jetpack WordPress Jetpack plugin <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-12
WooCommerce WordPress WooCommerce plugin <= 3.4.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-11
Contact Form by WPForms WordPress Contact Form by WPForms plugin <= 1.4.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-12-10
Advanced Custom Fields WordPress Advanced Custom Fields plugin <= 5.7.7 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-12-10
Smush Image Compression and Optimization WordPress Smush Image Compression and Optimization plugin <= 2.9.1 - Authenticated XSS & Phar Deserialization vulnerabilities 2018-12-10
Google Analytics by Monster Insights WordPress Google Analytics by Monster Insights plugin <= 7.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07
WP Mail SMTP by WPForms WordPress WP Mail SMTP by WPForms plugin <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07
Social Sharing Plugin – Kiwi WordPress Social Sharing Plugin – Kiwi plugin <= 2.0.10 - Update Any Option (bypass) vulnerability 2018-12-07
PropertyHive WordPress PropertyHive plugin <= 1.4.25 - Unvalidated Input to do_action() 2018-12-07
Contact Form by WPForms WordPress Contact Form by WPForms plugin <= 1.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07
Redirection WordPress Redirection plugin <= 3.6.2 - Cross-Site Request Forgery (CSRF) vulnerability 2018-12-06
Arigato Autoresponder and Newsletter WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated Blind SQL Injection (SQLi) vulnerability 2018-12-04