ThreatPress

WordPress Vulnerabilities Database

A database of vulnerabilities in WordPress plugins, themes and WordPress core, updated daily. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on a daily basis.

Vulnerabilities

| Product | Title | Disclosure Date |
| --- | --- | --- |
| Pootle button | WordPress Pootle button plugin <=1.1.1 - Authenticated Cross-Site Scripting (XSS) vulnerability | 2017-10-13 |
| Invite Anyone | WordPress Invite Anyone plugin <=1.3.18 - Unauthenticated PHP Object Injection vulnerability | 2017-10-13 |
| Simple Login Log | WordPress Simple Login Log plugin <=1.1.0 - Authenticated SQL Injection vulnerability | 2017-10-11 |
| My WP Translate | WordPress My WP Translate plugin <=1.0.3 - Authenticated Option Deletion Vulnerability | 2017-10-11 |
| Smush Image Compression and Optimization | WordPress Smush Image Compression and Optimization plugin <=2.7.5 - File Traversal vulnerability | 2017-10-09 |
| TwitterCart | WordPress TwitterCart plugin <= 2.0 - Tweet Sending Vulnerability | 2017-10-09 |
| WooCommerce PDF Invoices & Packing Slips | WordPress WooCommerce PDF Invoices & Packing Slips plugin <=2.0.12 - Cross-Site Scripting (XSS) vulnerability | 2017-10-05 |
| Content Timeline | WordPress Content Timeline plugin <=4.4.2 - Multiple Blind SQL Injection vulnerabilities | 2017-10-03 |
| Appointments | WordPress Appointments plugin <=2.2.1 - Unauthenticated PHP Object Injection vulnerability | 2017-10-03 |
| Flickr Gallery | WordPress Flickr Gallery plugin <=1.5.2 - Unauthenticated PHP Object Injection vulnerability | 2017-10-03 |
| RegistrationMagic-Custom Registration Forms | WordPress RegistrationMagic-Custom Registration Forms plugin <= 3.7.9.2 - Unauthenticated PHP Object Injection vulnerability | 2017-10-03 |
| Student Result or Employee Database | WordPress Student Result or Employee Database plugin <=1.6.3 - Authorization Bypass vulnerability | 2017-09-28 |
| BackWPup | WordPress BackWPup plugin <=3.4.1 - Unrestricted Backup File Download | 2017-09-28 |
| 2kb Amazon Affiliates Store | WordPress 2kb Amazon Affiliates Store plugin <=2.1.0 - Authenticated Cross-Site Scripting (XSS) vulnerability | 2017-09-28 |
| MarketPress – WordPress eCommerce | WordPress MarketPress plugin <=3.2.6 - PHP Object Injection vulnerability | 2017-09-28 |
| Content Audit | WordPress Content Audit plugin <=1.9.1 - Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities | 2017-09-28 |
| VaultPress | WordPress VaultPress plugin <=1.9 - Unauthenticated RCE vulnerability | 2017-09-25 |
| Responsive Image Gallery, Gallery Album | WordPress Responsive Image Gallery, Gallery Album plugin <=1.2.0 - Authenticated SQL Injection vulnerability | 2017-09-25 |
| Shoppable Images Lite | WordPress Shoppable Images Lite plugin <=1.0.0 - Cross-Site Request Forgery (CSRF)/PHP Object Injection Vulnerabilities | 2017-09-25 |
| WordPress | WordPress <=4.8.1 - SQL injection (SQLi) vulnerability | 2017-09-19 |