ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WordPress WordPress <=4.8.1 - SQL injection (SQLi) vulnerability 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (oEmbed) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (visual editor) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (plugin editor) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (template names) 2017-09-19
WordPress WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (link modal) 2017-09-19
WordPress WordPress <=4.8.1 - Path traversal vulnerability (file unzipping code) 2017-09-19
WordPress WordPress <=4.8.1 - Path traversal vulnerability (customizer) 2017-09-19
WordPress WordPress <=4.8.1 - Open redirect vulnerability (user and term edit screens) 2017-09-19
Share Drafts Publicly WordPress Share Drafts Publicly Plugin <= 1.1.4 - Authenticated Information Disclosure Vulnerability 2017-09-19
SmokeSignal WordPress SmokeSignal plugin <=1.2.6 - Authenticated Stored XSS (Cross-Site Scripting) vulnerability 2017-09-18
WP Like Post WordPress WP Like Post plugin <=1.5.2 - Authenticated SQL Injection (SQLi) vulnerability 2017-09-18
SQL Shortcode WordPress SQL Shortcode plugin <=1.1 - Authenticated SQL Execution vulnerability 2017-09-18
Post Pay Counter WordPress Post Pay Counter plugin <= 2.730 - Authenticated PHP Object Injection Vulnerability 2017-09-18
Football Pool WordPress Football Pool Plugin <= 2.6.3 - Authenticated Arbitrary File Upload Vulnerability 2017-09-13
Media from FTP WordPress Media from FTP Plugin <= 9.79 - Authenticated PHP Object Injection Vulnerability 2017-09-13
Pinfinity WordPress Pinfinity theme <=1.9.2 - Reflected Cross-Site Scripting (XSS) vulnerability 2017-09-12
Display Widgets WordPress Display Widgets plugin 2.6.0-2.6.3.1 - Backdoored (includes hacking tool) 2017-09-10
Participants Database WordPress Participants Database plugin <=1.7.5.9 - Cross-Site Scripting (XSS) vulnerability 2017-09-06
Woocommerce Product Designer WordPress Woocommerce Product Designer Plugin <= 3.0.3 - Arbitrary File Upload Vulnerability 2017-09-06