ThreatPress

WordPress Vulnerabilities Database

A daily updated database of WordPress plugin, theme and core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on a daily basis.

Vulnerabilities

Product Title Disclosure Date
Wibar WordPress Wibar premium theme <= 1.1.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-11-30
Age Gate WordPress WordPress Age Gate plugin <= 2.13.4 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability 2020-11-30
Events Manager WordPress Events Manager plugin <= 5.9.7.3 - Cross-Site Scripting (XSS) vulnerability 2020-11-30
Events Manager WordPress Events Manager plugin <= 5.9.7.3 - SQL Injection (SQLi) vulnerability 2020-11-30
BuddyPress WordPress BuddyPress plugin <= 6.3.0 - Excessive user capabilities in possible rich text fields vulnerability 2020-11-29
AccessPress Social Icons WordPress Accesspress Social Icons plugin <= 1.7.9 - Authenticated SQL Injection (SQLi) vulnerability 2020-11-28
WP Google Map Plugin WordPress WP Google Map Plugin <= 4.1.3 - Authenticated SQL Injection (SQLi) vulnerability 2020-11-25
Events Manager WordPress Events Manager plugin <= 5.9.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-11-25
WPJobBoard WordPress WPJobBoard plugin <= 5.6.4 - Unauthenticated SQL Injection (SQLi) vulnerability 2020-11-25
WPJobBoard WordPress WPJobBoard plugin <= 5.6.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) / Cross-Frame Scripting (XFS) vulnerabilities 2020-11-25
Media Library Assistant WordPress Media Library Assistant plugin <= 2.84 - Authenticated Blind SQL Injection (SQLi) vulnerability 2020-11-24
Secure File Manager WordPress Secure File Manager plugin <= 2.5 - Authenticated Remote Command Execution (RCE) vulnerability 2020-11-23
WooCommerce Anti-Fraud WordPress WooCommerce Anti-Fraud premium plugin <= 3.2 - Unauthenticated order status manipulation 2020-11-22
Spam protection, AntiSpam, FireWall by CleanTalk WordPress Anti-Spam by CleanTalk plugin <= 5.148 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities 2020-11-20
weForms WordPress weForms plugin <= 1.4.7 - CSV Injection vulnerability 2020-11-20
Easy Registration Forms WordPress Easy Registration Forms plugin <= 2.0.6 - CSV Injection vulnerability 2020-11-20
Import and export users and customers WordPress Import and export users and customers plugin <= 1.16.3.5 - CSV Injection vulnerability 2020-11-20
Contextual Related Posts WordPress Contextual Related Posts plugin <= 2.9.3 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability 2020-11-19
Fancy Product Designer WordPress Fancy Product Designer plugin <= 4.5.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-11-18
AIT CSV Import / Export WordPress AIT CSV Import / Export plugin <= 3.0.3 - Unauthenticated Arbitrary File Upload vulnerability 2020-11-13