ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Smart Marketing SMS and Newsletters Forms WordPress Smart Marketing SMS and Newsletters Forms plugin <=1.1.1 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2017-12-07
WP Mailster WordPress WP Mailster plugin <=1.5.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2017-12-06
Content Cards WordPress Content Cards Plugin <= 0.9.6 - Cross-Site Scripting vulnerability 2017-12-04
Apocalypse Meow WordPress Apocalypse Meow plugin <=21.2.7 - BCrypt Authentication Bypass vulnerability 2017-12-04
Emag Marketplace Connector WordPress Emag Marketplace Connector plugin 1.0 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2017-12-02
Elementor Page Builder WordPress Elementor Page Builder <=1.7.12 - Authenticated Unrestricted Editing vulnerability 2017-12-02
Elementor Page Builder WordPress Elementor Page Builder <=1.8.7 - Potential Privilege Escalation vulnerability 2017-12-02
amtyThumb posts WordPress amtyThumb posts plugin 8.1.3 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2017-12-02
WordPress WordPress <=4.9 - Authenticated JavaScript File Upload vulnerability 2017-12-01
ProfileGrid WordPress ProfileGrid Plugin <= 2.6.6 - Reflected Cross Site Scripting 2017-11-27
WP Customer Area WordPress WP Customer Area Plugin <= 7.4.2 - Reflected Cross Site Scripting vulnerability 2017-11-27
InLinks WordPress InLinks plugin 1.0 - Authenticated SQL Injection (SQLi) vulnerability 2017-11-26
TablePress WordPress TablePress plugin <=1.8 - Authenticated XML External Entity (XXE) vulnerability 2017-11-26
MailChimp For WooCommerce WordPress MailChimp for WooCommerce plugin <= 2.1.1 - Local File Inclusion 2017-11-22
Formidable Forms WordPress Formidable Forms plugin <=2.05.02 - SQL Injection (SQLi) vulnerability 2017-11-20
Formidable Forms WordPress Formidable Forms plugin <=2.05.02 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2017-11-20
Formidable Forms WordPress Formidable Forms plugin <=2.05.02 - Multiple vulnerabilities 2017-11-20
Yoast SEO WordPress Yoast SEO plugin <=5.7.1 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2017-11-20
Duplicator WordPress Duplicator plugin <=1.2.28 – Stored Cross-Site Scripting (XSS) vulnerability 2017-11-20
Email Log WordPress Email Log plugin <=2.2.2 - Stored Cross-Site Scripting (XSS) vulnerability 2017-11-20