ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Easy WP SMTP WordPress Easy WP SMTP plugin <= 1.3.9 - Unauthenticated arbitrary "wp_options" import vulnerability 2019-03-20
GraceMedia Media Player WordPress GraceMedia Media Player plugin 1.0 - Local File Inclusion (LFI) vulnerability 2019-03-19
WP Support Plus Responsive Ticket System WordPress WP Support Plus Responsive Ticket System plugin <= 9.1.1 - Stored Cross-Site Scripting (XSS) vulnerability 2019-03-19
WordPress WordPress 3.9-5.1 - Cross-Site Scripting (XSS) vulnerability 2019-03-13
FormCraft WordPress FormCraft plugin <= 1.2.1 - Cross-Site Request Forgery (CSRF) vulnerability 2019-03-13
Smart Forms WordPress Smart Forms plugin <= 2.5.15 - Cross-Site Request Forgery (CSRF) vulnerability 2019-03-13
Abandoned Cart Lite WordPress Abandoned Cart Lite plugin <= 5.1.3 - Stored Cross-Site Scripting (XSS) vulnerability 2019-03-12
Abandoned Cart Pro WordPress Abandoned Cart Pro plugin <= 7.12.0 - Stored Cross-Site Scripting (XSS) vulnerability 2019-03-12
Caldera Forms WordPress Caldera Forms plugin <= 1.8.1 - Unspecified security issue related to Caldera Forms Pro API 2019-03-12
Contact Form Email WordPress Contact Form Email plugin <= 1.2.65 - Cross-Site Scripting (XSS) vulnerability 2019-03-12
Contact Form Email WordPress Contact Form Email plugin <= 1.2.65 - Cross-Site Request Forgery (CSRF) vulnerability 2019-03-12
WP Fastest Cache WordPress WP Fastest Cache plugin <= 0.8.9.0 - Unauthenticated Arbitrary File Deletion vulnerability 2019-03-12
Blog2Social WordPress Blog2Social plugin <= 5.0.2 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-03-12
Quiz And Survey Master WordPress Quiz And Survey Master plugin <= 6.2.1 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-03-12
Give WordPress Give plugin <= 2.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability 2019-03-12
WP Live Chat Support WordPress WP Live Chat Support plugin <= 8.0.17 - Reflected Cross-Site Scripting (XSS) vulnerability 2019-03-12
WP Google Maps WordPress WP Google Maps plugin <= 7.10.41 - Reflected Cross-Site Scripting (XSS) vulnerability 2019-03-12
YOP Poll WordPress YOP Poll plugin <= 6.0.2 - Reflected Cross-Site Scripting (XSS) vulnerability 2019-03-12
Delete Duplicate Posts WordPress Delete Duplicate Posts plugin <= 4.1.9.4 - Authenticated Option Update vulnerability (Fremius Library security issue) 2019-03-05
Content Aware Sidebars WordPress Content Aware Sidebars plugin <= 3.8 - Authenticated Option Update vulnerability (Fremius Library security issue) 2019-03-05