ThreatPress

WordPress Vulnerability Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

All WordPress Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Doneren met Mollie WordPress Doneren met Mollie plugin <= 2.8.4 - Authenticated Information Disclosure vulnerability 2021-01-22
Contact Form 7 Database Addon – CFDB7 WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.3 - Insufficient Input Sanitization Leading To Authenticated SQL Injection (SQLi) vulnerability 2021-01-21
Digital Climate Strike WP WordPress Digital Climate Strike WP plugin <= 1.0.0 - Redirect to malicious websites 2021-01-20
Under Construction WordPress Under Construction plugin <= 3.85 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-20
123ContactForm WordPress 123ContactForm plugin <= 1.5.6 - Validation Bypass via Plugin Verification vulnerability 2021-01-19
123ContactForm WordPress 123ContactForm plugin <= 1.5.6 - Arbitrary Post Creation vulnerability 2021-01-19
123ContactForm WordPress 123ContactForm plugin <= 1.5.6 - Arbitrary File Upload vulnerability 2021-01-19
301 Redirects WordPress 301 Redirects – Easy Redirect Manager plugin <= 2.50 - Authenticated SQL Injection (SQLi) vulnerability 2021-01-18
Stockdio Historical Chart WordPress Stockdio Historical Chart plugin <= 2.7.2 - Cross-Site Scripting (XSS) vulnerability 2021-01-16
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-15
Simple Job Board WordPress Simple Job Board plugin <= 2.9.3 - Authenticated Directory Traversal vulnerability 2021-01-15
WP E-Signature WordPress WP E-Signature premium plugin <= 1.5.6.5 - Unauthenticated Remote Code Execution (RCE) vulnerability 2021-01-13
Orbit Fox by ThemeIsle WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Privilege Escalation vulnerability 2021-01-12
Orbit Fox by ThemeIsle WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-12
Elementor Contact Form DB WordPress Elementor Contact Form DB plugin <= 1.5 - Cross-Site Request Forgery (CSRF) via backend admin pages vulnerability 2021-01-12
WP Quick FrontEnd Editor WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Settings Change and Stored Cross-Site Scripting (XSS) vulnerability 2021-01-12
WP Quick FrontEnd Editor WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Content Injection vulnerability 2021-01-12
Custom Global Variables WordPress Custom Global Variables plugin <= 1.0.5 - Stored Cross-Site Scripting (XSS) vulnerability 2021-01-11
WP24 Domain Check WordPress WP24 Domain Check plugin <= 1.6.2 - Stored Cross-Site Scripting (XSS) vulnerability 2021-01-11
Modal Survey WordPress Modal Survey premium plugin <= 2.0.1.8 - Multiple vulnerabilities 2021-01-08