ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Easy Property Listings WordPress Easy Property Listings plugin <= 3.3.5 - Cross-Site Scripting (XSS) vulnerability 2019-08-19
WP SVG Icons WordPress WP SVG Icons plugin <= 3.2.2 - Cross-Site Request Forgery (CSRF) vulnerability 2019-08-16
Email Subscribers & Newsletters WordPress Email Subscribers & Newsletters plugin <= 4.1.6 - Cross-Site Scripting (XSS) vulnerability 2019-08-14
WP Fastest Cache WordPress WP Fastest Cache plugin <= 0.8.9.5 - Directory Traversal vulnerability 2019-08-14
Ultimate Member WordPress Ultimate Member plugin <= 2.0.53 - Cross-Site Scripting (XSS) vulnerability 2019-08-14
Simple 301 Redirects – Addon – Bulk Uploader WordPress Simple 301 Redirects Addon Bulk Uploader plugin <= 1.2.4 - Unauthenticated option changes and other security issues 2019-08-12
CformsII WordPress CformsII plugin <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery (CSRF) vulnerabilities 2019-08-12
Give WordPress Give plugin <= 2.5.0 - SQL Injection (SQLi) vulnerability 2019-08-12
PPOM for WooCommerce WordPress PPOM for WooCommerce plugin <= 18.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-08-12
Restaurant Reservations WordPress Restaurant Reservations plugin <= 1.3 - Unauthenticated Options Change vulnerability 2019-08-12
Login or Logout Menu Item WordPress Login or Logout Menu Item plugin <= 1.1.1 - Unauthenticated Options Change vulnerability 2019-08-08
JoomSport WordPress JoomSport plugin <= 3.3 - SQL Injection (SQLi) vulnerability 2019-08-08
Learning Courses WordPress Learning Courses plugin <= 4.7 - Unauthenticated Options Change vulnerability 2019-08-06
Popup Builder WordPress Popup Builder plugin <= 3.44 - SQL Injection (SQLi) vulnerability 2019-08-06
Booking WordPress Booking plugin <= 2.4 - Unauthenticated Options Change vulnerability 2019-08-06
Donations WordPress Donations plugin <= 1.3 - Unauthenticated Options Change vulnerability 2019-08-06
Real Estate 7 WordPress Real Estate 7 plugin <= 2.9.0 - Stored Cross-Site Scripting (XSS) vulnerability 2019-08-06
Real Estate 7 WordPress Real Estate 7 plugin <= 2.9.0 - Insecure Direct Object Reference vulnerability 2019-08-06
Travel Management WordPress Travel Management plugin <= 1.5 - Unauthenticated Options Change vulnerability 2019-08-06
Woody ad snippets WordPress Woody Ad Snippets plugin <= 2.2.4 - Unauthenticated stored Cross-Site Scripting (XSS) vulnerability 2019-08-06