ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WooCommerce WordPress WooCommerce plugin <=3.2.3 - Authenticated PHP Object Injection vulnerability 2018-02-23
Ninja Forms WordPress Ninja Forms plugin <=3.2.13 - Cross-Site Scripting (XSS) vulnerability 2018-02-22
Simple Contact Info Simple Contact Info plugin <= v1.1.9 - Authenticated Arbitrary File Deletion Vulnerability 2018-02-07
flickrRSS WordPress flickrRSS plugin <= 5.3.1 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2018-02-07
flickrRSS WordPress flickrRSS plugin <=5.3.1 - Cross-Site Request Forgery (CSRF) vulnerability 2018-02-07
Instagram Feed WordPress Instagram Feed plugin <=1.5.1 - Cross-Site Scripting (XSS) vulnerability 2018-02-07
PropertyHive WordPress PropertyHive plugin <=1.4.14 - Cross-Site Scripting (XSS) vulnerability 2018-02-05
WordPress WordPress <=4.9.2 - Application Denial of Service (DoS) vulnerability 2018-02-05
Splashing Images WordPress Splashing Images plugin <=2.1 - Authenticated PHP Object Injection vulnerability 2018-01-30
Splashing Images WordPress Splashing Images plugin <=2.1 - Cross-Site Scripting (XSS) vulnerability 2018-01-30
Social Media Widget by Acurax WordPress Social Media Widget by Acurax plugin <=3.2.5 - Stored Cross-Site Scripting (XSS) vulnerability 2018-01-30
Social Media Widget by Acurax WordPress Social Media Widget by Acurax plugin <=3.2.5 - Cross-Site Request Forgery (CSRF) vulnerability 2018-01-30
Enfold WordPress Enfold theme <=4.2 - Rewrite Portfolio Permalink Structure & Information Disclosure 2018-01-30
User Control WordPress User Control plugin <=2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability 2018-01-30
BuddyBoss Media WordPress BuddyBoss Media plugin <=3.2.3 - Stored Cross-Site Scripting (XSS) vulnerability 2018-01-22
Dark Mode WordPress Dark Mode plugin <=1.6 - Multiple stored Cross-Site Scripting (XSS) vulnerabilities 2018-01-22
Pinterest Feed WordPress Pinterest Feed plugin <=1.1.1 - Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities 2018-01-22
Pinterest Feed WordPress Pinterest Feed plugin <=1.1.1 - Cross-Site Request Forgery (CSRF) vulnerability 2018-01-22
Coming Soon WordPress Coming Soon plugin <=1.1.18 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2018-01-22
Coming Soon WordPress Coming Soon plugin <=1.1.18 - Cross-Site Request Forgery (CSRF) vulnerability 2018-01-22