ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Ninja Forms WordPress Ninja Forms plugin <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-11-15
Better WordPress reCAPTCHA WordPress Better WordPress reCAPTCHA plugin <= 2.0.3 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-11-13
Media File Manager WordPress Media File Manager plugin <= 1.4.2 - Directory Traversal vulnerability 2018-11-13
Media File Manager WordPress Media File Manager plugin <= 1.4.2 - Reflected Cross-Site Scripting (XSS) vulnerability 2018-11-13
WP GDPR Compliance WordPress WP GDPR Compliance plugin <= 1.4.2 - Privilege Escalation vulnerability 2018-11-13
Flow-Flow Social Stream WordPress Flow-Flow Social Stream plugin <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-11-13
Calendar WordPress Calendar plugin <= 1.3.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-11-13
Accelerated Mobile Pages WordPress Accelerated Mobile Pages plugin <= 0.9.97.19 - Multiple Unauthenticated Vulnerabilities 2018-11-13
WooCommerce WordPress WooCommerce plugin <= 3.4.5 - Authenticated File Deletion to Privilege Escalation vulnerability 2018-11-07
ARForms WordPress ARForms plugin <= 3.5.1 - Unauthenticated Arbitrary File Deletion vulnerability 2018-10-29
Pie Register WordPress Pie Register plugin <= 3.0.17 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-10-29
WooCommerce WordPress WooCommerce plugin <= 3.4.5 - Authenticated Object Injection vulnerability 2018-10-29
PDF & Print WordPress PDF & Print plugin <= 2.0.2 - Unauthenticated Cross-Site-Scripting (XSS) vulnerability 2018-10-03
Breadcrumb NavXT WordPress Breadcrumb NavXT plugin <= 6.1.0 - Username Disclosure via REST API 2018-10-03
Wechat Broadcast WordPress Wechat Broadcast plugin <= 1.2.0 - Local/Remote File Inclusion vulnerability 2018-10-03
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.2.0.727 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-10-03
Localize My Post WordPress Localize My Post plugin 1.0 - Unauthenticated Local File Inclusion (LFI) vulnerability 2018-10-03
Contact Form 7 WordPress Contact Form 7 plugin <= 5.0.3 - Privilege Escalation vulnerability 2018-09-13
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <=6.6.4 - Cross-Site Scripting (XSS) vulnerability 2018-09-09
Userpro WordPress UserPro premium plugin <= 4.9.23 - Cross-Site Scripting (XSS) vulnerability 2018-09-09