ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugin, theme and core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on a daily basis.

Vulnerabilities

| Product | Title | Disclosure Date |
|---|---|---|
| YellowPencil Visual CSS Style Editor | WordPress YellowPencil Visual CSS Style Editor plugin <= 7.2.0 - Unauthenticated arbitrary Options update vulnerability | 2019-04-12 |
| Advanced Contact form 7 DB | WordPress Advanced Contact form 7 DB plugin <= 1.6.0 - Authenticated SQL Injection (SQLi) vulnerability | 2019-04-12 |
| Contact Form by WD | WordPress Contact Form by WD plugin <= 1.13.4 - Cross-Site Request Forgery (CSRF) vulnerability | 2019-04-10 |
| Form Maker | WordPress Form Maker by 10Web plugin <= 1.13.4 - Cross-Site Request Forgery (CSRF) vulnerability | 2019-04-10 |
| Yuzo Related Posts | WordPress Yuzo Related Posts plugin <= 5.12.91 - Broken authentication | 2019-04-10 |
| Duplicate Page | WordPress Duplicate Page plugin <= 3.3 - Authenticated SQL Injection (SQLi) vulnerability | 2019-04-08 |
| Ultimate Member | WordPress Ultimate Member plugin <= 2.0.39 - Cross-Site Request Forgery (CSRF) vulnerability | 2019-04-04 |
| Pipdig Power Pack | WordPress Pipdig Power Pack plugin <= 4.7.3 - Vendor Backdoors & Suspicious Code | 2019-04-02 |
| WP Google Maps | WordPress WP Google Maps plugin <= 7.11.17 - Unauthenticated SQL Injection (SQLi) vulnerability | 2019-04-02 |
| article2pdf | WordPress article2pdf plugin <= 0.27 - Multiple vulnerabilities | 2019-03-28 |
| Font Organizer | WordPress Font Organizer plugin <= 2.1.1 - Cross-Site Scripting (XSS) vulnerability | 2019-03-22 |
| Social Warfare | WordPress Social Warfare plugin <= 3.5.2 - Unauthenticated Arbitrary Settings Update vulnerability | 2019-03-22 |
| NextScripts | WordPress NextScripts plugin <= 4.2.7 - Cross-Site Scripting (XSS) vulnerability | 2019-03-22 |
| WP Google Maps | WordPress WP Google Maps plugin <= 7.10.41 - Cross-Site Scripting (XSS) vulnerability | 2019-03-22 |
| WP Live Chat Support | WordPress WP Live Chat Support plugin <= 8.0.17 - Cross-Site Scripting (XSS) vulnerability | 2019-03-22 |
| YOP Poll | WordPress YOP Poll plugin <= 6.0.2 - Cross-Site Scripting (XSS) vulnerability | 2019-03-22 |
| Easy WP SMTP | WordPress Easy WP SMTP plugin <= 1.3.9 - Unauthenticated arbitrary "wp_options" import vulnerability | 2019-03-20 |
| GraceMedia Media Player | WordPress GraceMedia Media Player plugin 1.0 - Local File Inclusion (LFI) vulnerability | 2019-03-19 |
| WP Support Plus Responsive Ticket System | WordPress WP Support Plus Responsive Ticket System plugin <= 9.1.1 - Stored Cross-Site Scripting (XSS) vulnerability | 2019-03-19 |
| WordPress | WordPress 3.9-5.1 - Cross-Site Scripting (XSS) vulnerability | 2019-03-13 |