ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Form Maker WordPress Form Maker by 10Web plugin <= 1.13.2 - Authenticated SQL Injection (SQLi) vulnerability 2019-05-25
WP Slimstat WordPress Slimstat plugin <= 4.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-05-22
WP Booking System WordPress WP Booking System <= 1.5.1.1 - CSRF vulnerability to Authenticated SQL Injection vulnerability 2019-05-22
Live Chat with Facebook Messenger WordPress Live Chat with Facebook Messenger plugin <= 1.4.6 - Stored Cross-Site Scripting (XSS) vulnerability 2019-05-22
WPGraphQL WordPress WPGraphQL plugin <= 0.2.3 - Multiple Vulnerabilities 2019-05-22
Newsletter Manager WordPress Newsletter Manager plugin <= 1.4 - Unauthenticated Open Redirect vulnerability 2019-05-21
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.3.14.727 - CSV Export vulnerability 2019-05-21
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.3.14.727 - SQL Injection (SQLi) vulnerability 2019-05-21
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.3.13.727 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-05-21
WP Live Chat Support WordPress WP Live Chat Support plugin <= 8.0.26 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-05-21
Register IPs WordPress Register IPs plugin <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-05-16
Ultimate Member WordPress Ultimate Member plugin <= 2.0.45 - Multiple vulnerabilities 2019-05-16
W3 Total Cache WordPress W3 Total Cache plugin <= 0.9.7.3 - Cross-Site Scripting (XSS) vulnerability 2019-05-07
All-in-One Event Calendar WordPress All-in-One Event Calendar plugin <= 2.5.38 - Cross-Site Scripting (XSS) vulnerability 2019-05-06
My Calendar WordPress My Calendar plugin <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2019-05-06
Blog Designer WordPress Blog Designer plugin <= 1.8.10 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-05-02
Print My Blog WordPress Print My Blog plugin <= 1.6.5 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability 2019-04-27
WooCommerce Checkout Manager WordPress WooCommerce Checkout Manager plugin 4.2.6 (latest) - Arbitrary File Upload vulnerability 2019-04-26
Social Warfare WordPress Social Warfare plugin <= 3.5.2 - Unauthenticated Remote Code Execution (RCE) vulnerability 2019-04-24
WP Statistics WordPress WP Statistics plugin <= 12.6.3 - Cross-Site Scripting (XSS) vulnerability 2019-04-24