ThreatPress

WordPress Vulnerability Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

All WordPress Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-15
Simple Job Board WordPress Simple Job Board plugin <= 2.9.3 - Authenticated Directory Traversal vulnerability 2021-01-15
Orbit Fox by ThemeIsle WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Privilege Escalation vulnerability 2021-01-12
Orbit Fox by ThemeIsle WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-12
Elementor Contact Form DB WordPress Elementor Contact Form DB plugin <= 1.5 - Cross-Site Request Forgery (CSRF) via backend admin pages vulnerability 2021-01-12
WP Quick FrontEnd Editor WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Settings Change and Stored Cross-Site Scripting (XSS) vulnerability 2021-01-12
WP Quick FrontEnd Editor WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Content Injection vulnerability 2021-01-12
Custom Global Variables WordPress Custom Global Variables plugin <= 1.0.5 - Stored Cross-Site Scripting (XSS) vulnerability 2021-01-11
WP24 Domain Check WordPress WP24 Domain Check plugin <= 1.6.2 - Stored Cross-Site Scripting (XSS) vulnerability 2021-01-11
Modal Survey WordPress Modal Survey premium plugin <= 2.0.1.8 - Multiple vulnerabilities 2021-01-08
Stripe Payments WordPress Stripe Payments plugin <= 2.0.39 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-08
WP-Paginate WordPress WP Paginate plugin <= 2.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-07
Contact Form Submissions WordPress Contact Form Submissions plugin <= 1.6.4 - Authenticated SQL Injection (SQLi) vulnerability 2021-01-03
Contact Form Submissions WordPress Contact Form Submissions plugin <= 1.6.4 - Authenticated Double Query SQL injection (SQLi) vulnerability 2021-01-03
Site Offline WordPress Site Offline plugin <= 1.4.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities 2020-12-29
Newsletter Manager WordPress Newsletter Manager plugin <= 1.5.1 - Unauthenticated Insecure Deserialisation vulnerability 2020-12-29
Internal Links Manager WordPress Internal Links Manager plugin <= 2.1.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities 2020-12-28
Thumbnail carousel slider WordPress Thumbnail carousel slider plugin <= 1.0 - Authenticated Shell Upload and Cross-Site Request Forgery (CSRF) vulnerabilities 2020-12-28
Thumbnail carousel slider WordPress Thumbnail carousel slider plugin <= 1.0 - Stored Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities 2020-12-28
LiteSpeed Cache WordPress LiteSpeed Cache plugin <= 3.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-12-26