ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
PDF & Print WordPress PDF & Print plugin <= 2.0.2 - Unauthenticated Cross-Site-Scripting (XSS) vulnerability 2018-10-03
Breadcrumb NavXT WordPress Breadcrumb NavXT plugin <= 6.1.0 - Username Disclosure via REST API 2018-10-03
Wechat Broadcast WordPress Wechat Broadcast plugin <= 1.2.0 - Local/Remote File Inclusion vulnerability 2018-10-03
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.2.0.727 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-10-03
Localize My Post WordPress Localize My Post plugin 1.0 - Unauthenticated Local File Inclusion (LFI) vulnerability 2018-10-03
Contact Form 7 WordPress Contact Form 7 plugin <= 5.0.3 - Privilege Escalation vulnerability 2018-09-13
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <=6.6.4 - Cross-Site Scripting (XSS) vulnerability 2018-09-09
Userpro WordPress UserPro premium plugin <= 4.9.23 - Cross-Site Scripting (XSS) vulnerability 2018-09-09
File Manager WordPress File Manager plugin <= 2.9 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-09-09
Duplicator WordPress Duplicator plugin <= 1.2.40 - Arbitrary Code Execution vulnerability 2018-09-05
Image Intense Plugin WordPress Image Intense premium plugin <= 3.2.5 - Authenticated SQL Injection (SQLi) vulnerability 2018-09-05
Jibu Pro WordPress Jibu Pro plugin <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-09-01
WooCommerce WordPress WooCommerce plugin <= 3.4.4 - Potential Object Injection vulnerability 2018-09-01
Export Users to CSV WordPress Export Users to CSV plugin <= 1.1.1 - CSV Injection vulnerability 2018-09-01
Ajax BootModal Login WordPress Ajax BootModal Login plugin <= 1.4.3 - CAPTCHA reuse vulnerability 2018-09-01
Gift Vouchers WordPress Gift Voucher plugin <=1.0.5 - Authenticated Blind SQL Injection (SQLi) vulnerability 2018-09-01
Ultimate Member WordPress Ultimate Member plugin <= 2.0.21 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-08-28
Chained Quiz WordPress Chained Quiz plugin <= 1.0.8 - Unauthenticated SQL Injection (SQLi) vulnerability 2018-08-28
Supreme Directory WordPress Supreme Directory theme <= 1.1.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-08-28
Plainview Activity Monitor WordPress Plainview Activity Monitor plugin <= 20161228 - Remote Command Execution (RCE) vulnerability 2018-08-28