ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Sliced Invoices WordPress Sliced Invoices plugin <= 3.8.2 - Multiple vulnerabilities 2019-10-18
EU Cookie Law (GDPR) WordPress EU Cookie Law plugin <= 3.0.6 - Stored Cross-Site Scripting (XSS) vulnerability 2019-10-17
Zoho CRM Lead Magnet WordPress Zoho CRM Lead Magnet plugin <=1.6.9.1 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-10-17
WordPress WordPress <= 5.2.3 - Multiple security issues (XSS, SSRF, Cache Poisoning) 2019-10-15
iThemes Sync WordPress iThemes Sync plugin <= 2.0.17 - Insufficient Secure Key Validation vulnerability 2019-10-10
Theme Editor WordPress Theme Editor plugin <= 2.1 - Multiple vulnerabilities 2019-09-30
visualizer WordPress Visualizer plugin <= 3.3.0 - Server-Side Request Forgery (SSRF) 2019-09-28
Give WordPress GiveWp plugin <= 2.5.4 - Authentication Bypass 2019-09-26
DELUCKS SEO WordPress DELUCKS SEO plugin <= 2.1.7 - Unauthenticated Options Update vulnerability 2019-09-25
Rich Reviews WordPress Rich Reviews plugin <= 1.7.4 - Unauthenticated Plugin Options Update vulnerability 2019-09-25
Ultimate FAQ WordPress Ultimate FAQ plugin <= 1.8.24 - Unauthenticated Options Import/Export vulnerability 2019-09-23
Motors – Car Dealer & Classified Ads WordPress Motors – Car Dealer & Classified Ads plugin <= 1.4.0 - Multiple security issues 2019-09-23
Advanced AJAX Product Filters WordPress Advanced AJAX Product Filters plugin <= 1.3.6.1 - Unauthenticated Plugin Settings Update vulnerability 2019-09-19
Woody ad snippets WordPress Woody Ad Snippets plugin <= 2.2.7 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-15
SlickQuiz WordPress SlickQuiz plugin <= 1.3.7.1 - Authenticated SQL Injection (SQLi) vulnerability 2019-09-11
SlickQuiz WordPress SlickQuiz plugin <= 1.3.7.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-09-11
Checklist WordPress Checklist plugin <= 1.1.5 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-11
Human Presence WordPress Human Presence plugin <= 2.0.8 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-11
Qwizcards WordPress Qwizcards plugin <= 3.36 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-10
Photo Gallery by 10Web WordPress Photo Gallery by 10Web plugin <= 1.5.34 - SQL Injection (SQLi) vulnerability 2019-09-09