ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
spam-byebye WordPress spam-byebye plugin <= 2.2.1 - Cross-Site Scripting (XSS) vulnerability 2019-01-14
User Registration WordPress User Registration plugin <= 1.5.5 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-01-14
MapSVG Lite WordPress MapSVG Lite plugin <= 3.2.3 - Cross-Site Request Forgery (CSRF) vulnerability 2019-01-08
JSmol2WP WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability 2019-01-08
JSmol2WP WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2019-01-08
Baggage Freight Shipping Australia WordPress Baggage Freight Shipping Australia plugin 0.1.0 - Unauthenticated Arbitrary File Upload vulnerability 2019-01-08
Google XML Sitemaps WordPress Google XML Sitemaps plugin <= 4.0.9 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-01-08
WP AutoSuggest WordPress WP AutoSuggest plugin 0.24 - Unauthenticated SQL Injection (SQLi) vulnerability 2019-01-08
Two Factor Authentication WordPress Two Factor Authentication plugin <= 1.3.12 - Cross-Site Request Forgery (CSRF) vulnerability 2019-01-08
WooCommerce WordPress WooCommerce plugin <= 3.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-01-07
WP Job Manager WordPress WP Job Manager plugin <= 1.31.2 - Phar Deserialization vulnerability 2019-01-07
Adicon Server WordPress Adicon Server plugin <= 1.2 - SQL Injection (SQLi) vulnerability 2019-01-07
Audio Record WordPress Audio Record plugin 1.0 - Arbitrary File Upload vulnerability 2019-01-07
WordPress WordPress <= 5.0 - Authenticated File Delete vulnerability 2018-12-13
WordPress WordPress <= 5.0 - Authenticated Post Type Bypass vulnerability 2018-12-13
WordPress WordPress <= 5.0 - PHP Object Injection via Meta Data vulnerability 2018-12-13
WordPress WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-12-13
WordPress WordPress <= 5.0 - Cross-Site Scripting (XSS) vulnerability that could affect plugins 2018-12-13
WordPress WordPress <= 5.0 - User Activation Screen Search Engine Indexing 2018-12-13
WordPress WordPress <= 5.0 - File Upload to XSS on Apache Web Servers vulnerability 2018-12-13