ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Advanced AJAX Product Filters WordPress Advanced AJAX Product Filters plugin <= 1.3.6.1 - Unauthenticated Plugin Settings Update vulnerability 2019-09-19
Woody ad snippets WordPress Woody Ad Snippets plugin <= 2.2.7 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-15
SlickQuiz WordPress SlickQuiz plugin <= 1.3.7.1 - Authenticated SQL Injection (SQLi) vulnerability 2019-09-11
SlickQuiz WordPress SlickQuiz plugin <= 1.3.7.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-09-11
Checklist WordPress Checklist plugin <= 1.1.5 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-11
Human Presence WordPress Human Presence plugin <= 2.0.8 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-11
Qwizcards WordPress Qwizcards plugin <= 3.36 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-10
Photo Gallery by 10Web WordPress Photo Gallery by 10Web plugin <= 1.5.34 - SQL Injection (SQLi) vulnerability 2019-09-09
Photo Gallery by 10Web WordPress Photo Gallery by 10Web plugin <= 1.5.34 - Cross-Site Scripting (XSS) vulnerability 2019-09-09
LifterLMS WordPress LifterLMS plugin <= 3.34.5 - Unauthenticated Options Import vulnerability 2019-09-09
Advanced Access Manager WordPress Advanced Access Manager plugin <= 5.9.8.1 - Arbitrary File Access/Download vulnerability 2019-09-09
Search Exclude WordPress Search Exclude plugin <= 1.2.2 - Arbitrary Settings Change vulnerability 2019-09-08
ECPay Logistics for WooCommerce WordPress ECPay Logistics for WooCommerce plugin <= 1.2.181030 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-06
API Bearer Auth WordPress API Bearer Auth plugin <= 20181229 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-06
WordPress WordPress core <= 5.2.2 - Cross-Site Scripting (XSS) vulnerability 2019-09-05
Spryng Payments for WooCommerce WordPress Spryng Payments for WooCommerce plugin <= 1.6.7 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-04
Portrait-Archiv.com Photostore WordPress Portrait-Archiv.com Photostore plugin <= 3.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-04
Event Tickets WordPress Event Tickets plugin <= 4.10.7.1 - CSV Injection vulnerability 2019-09-03
WooCommerce Product Feed for Google, Facebook, eBay and Many More WordPress WooCommerce Product Feed plugin <= 3.1.14 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-08-30
Variation Swatches for WooCommerce WordPress Variation Swatches for WooCommerce plugin <= 1.0.61 - Reflected Cross-Site Scripting (XSS) vulnerability 2019-08-30