ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Ultimate Member WordPress Ultimate Member plugin <= 2.0.21 - Unauthenticated Arbitrary File Upload vulnerability 2018-08-09
Gwolle Guestbook WordPress Gwolle Guestbook plugin <= 2.5.3 - Cross-Site Scripting (XSS) vulnerability 2018-08-09
Strong Testimonials WordPress Strong Testimonials plugin <= 2.31.4 - Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities 2018-08-09
Snazzy Maps WordPress Snazzy Maps plugin <= 1.1.3 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2018-08-09
Multi Step Form WordPress Multi Step Form plugin <= 1.2.5 - Multiple Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerabilities 2018-08-09
Geo Mashup WordPress Geo Mashup plugin <= 1.10.3 - Unspecified Cross-Site Scripting (XSS) vulnerability 2018-07-18
All In One Favicon WordPress All In One Favicon plugin <= 4.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities 2018-07-18
WordPress WordPress <=4.9.6 - Arbitrary Code Execution vulnerability 2018-06-27
iThemes Security WordPress iThemes Security plugin <= 7.0.2 - Authenticated SQL Injection (SQLi) vulnerability 2018-06-25
WordPress Comments Import & Export WordPress Comments Import & Export plugin <= 2.0.4 - CSV Injection vulnerability 2018-06-22
Open Graph for Facebook, Google+ and Twitter Card Tags WordPress Open Graph for Facebook, Google+ and Twitter Card Tags plugin <= 2.2.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2018-06-22
Advanced Order Export For WooCommerce WordPress Advanced Order Export For WooCommerce plugin <= 1.5.4 - CSV Injection vulnerability 2018-06-22
Ultimate Form Builder Lite WordPress Ultimate Form Builder Lite plugin <= 1.3.7 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-06-20
Ultimate Form Builder Lite WordPress Ultimate Form Builder Lite plugin <= 1.3.7 - SQL Injection (SQLi) vulnerability 2018-06-20
Pie Register WordPress Pie Register plugin <= 3.0.9 - Authenticated Blind SQL Injection (SQLi) vulnerability 2018-06-20
Tooltipy WordPress Tooltipy (tooltips for WP) plugin <= 5.0 - Cross-Site Request Forgery (CSRF) vulnerability 2018-06-20
Tooltipy WordPress Tooltipy (tooltips for WP) plugin <= 5.0 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-06-20
Redirection WordPress Redirection plugin <= 2.7.3 - Authenticated Local File Inclusion vulnerability 2018-06-20
wpForo Forum WordPress wpForo Forum plugin <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2018-06-20
wpForo Forum WordPress wpForo Forum plugin <= 1.4.9 - Unauthenticated SQL Injection (SQLi) vulnerability 2018-06-20