ThreatPress

WordPress Vulnerability Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

All WordPress Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
YITH WooCommerce Gift Cards Premium WordPress YITH WooCommerce Gift Cards plugin <= 3.3.0 - Arbitrary File Upload to Remote Code Execution (RCE) vulnerability 2021-02-24
NextGEN Gallery Pro WordPress NextGEN Gallery Pro premium plugin <= 3.1.9 - Reflected Cross-Site Scripting (XSS) vulnerability 2021-02-24
QuadMenu WordPress QuadMenu plugin <= 2.0.6 - Remote Code Execution (RCE) vulnerability 2021-02-22
WP Private Content Plus WordPress WP Private Content Plus plugin <= 3.1 - Cross-Site Request Forgery (CSRF) vulnerability 2021-02-19
Testimonial Rotator WordPress Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-02-19
Photo Gallery by 10Web WordPress Photo Gallery by 10Web plugin <= 1.5.68 - Cross-Site Scripting (XSS) vulnerability 2021-02-18
Custom Banners WordPress Custom Banners plugin <= 3.2.2 - Cross-Site Request Forgery (CSRF) vulnerability 2021-02-18
Backup Guard WordPress Backup Guard plugin <= 1.5.9 - Authenticated Arbitrary File Upload vulnerability 2021-02-18
Better Search WordPress Better Search plugin <= 2.5.2 - Cross-Site Request Forgery (CSRF) vulnerability 2021-02-17
Ninja Forms WordPress Ninja Forms Contact Form plugin <= 3.4.33 - Cross-Site Request Forgery (CSRF) vulnerability 2021-02-16
Ninja Forms WordPress Ninja Forms Contact Form plugin <= 3.4.33 - Administrator Open Redirect vulnerability 2021-02-16
Ninja Forms WordPress Ninja Forms Contact Form plugin <= 3.4.33 - Authenticated OAuth Connection Key Disclosure vulnerability 2021-02-16
Ninja Forms WordPress Ninja Forms Contact Form plugin <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure vulnerability 2021-02-16
WP Ticket Customer Service Software & Support Ticket System WordPress WP Ticket Customer Service Software & Support Ticket System plugin <= 5.5.1 - Cross-Site Scripting (XSS) vulnerability 2021-02-15
Teaser Maker WordPress Teaser Maker plugin <= 0.1.114 - Cross-Site Scripting (XSS) vulnerability 2021-02-15
Ad Swapper WordPress Ad Swapper plugin <= 1.0.3 - Cross-Site Scripting (XSS) vulnerability 2021-02-15
Drug Search WordPress Drug Search plugin <= 1.0.0 - Cross-Site Scripting (XSS) vulnerability 2021-02-15
WP Inimat WordPress WP Inimat plugin <= 1.0 - Cross-Site Scripting (XSS) vulnerability 2021-02-15
Theme Editor WordPress Theme Editor plugin <= 2.5 - Multiple Authenticated Arbitrary File Download vulnerabilities 2021-02-13
ElasticPress WordPress ElasticPress plugin <= 3.5.3 - Nonce Check Bypass vulnerability 2021-02-12