ThreatPress

WordPress Vulnerability Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

All WordPress Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Evarisk WordPress Evarisk Plugin - Arbitrary File Upload Vulnerability 2012-01-14
Count per Day WordPress Count per Day Plugin - Multiple Vulnerabilities 2012-01-12
WP Autoyoutube WordPress WP Autoyoutube Plugin - Blind SQL Injection 2012-01-12
Age Verification WordPress Age Verification Plugin <= 0.4 - Open Redirect 2012-01-10
Pay with Tweet WordPress Pay with Tweet Plugin <= 1.1 - Multiple Vulnerabilities 2012-01-06
Symposium WordPress Symposium Plugin <= 11.12.24 - Multiple Arbitrary File Upload 2012-01-04
WordPress WordPress <= 0.7 - SQL injection 2012-01-04
WordPress WordPress <= 0.70 - PHP remote file inclusion 2012-01-04
Whois Search WordPress WHOIS Plugin 1.4.2.3 - Cross Site Scripting 2012-01-03
Comment Rating WordPress Comment Rating Plugin 2.9.20 - Cross Site Scripting 2012-01-03
Lytebox WordPress <= 3.3.0 - XSS 2012-01-03
WP Live.php WordPress WP Live.php Plugin 1.2.1 - Cross Site Scripting 2012-01-01
The Welcomizer WordPress The Welcomizer Plugin 1.3.9.4 - Cross Site Scripting 2011-12-31
TheCartPress WordPress TheCartPress Plugin 1.6 - Cross Site Scripting 2011-12-31
Mailing List WordPress Mailing List Plugin - Arbitrary File Download Vulnerability 2011-12-26
WordPress WordPress <= 3.1.0 - Multiple Vulnerabilities 2011-12-23
WordPress WordPress <= 3.1.0 - Cross Site Scripting 2011-12-23
Grand Flagallery WordPress Flash Album Gallery Plugin - Cross Site Scripting 2011-12-13
Grand Flagallery WordPress Grand FlAGallery Plugin 1.57 - Cross Site Scripting 2011-12-12
UPM Pools WordPress UPM Polls Plugin 1.0.4 - Blind SQL Injection 2011-12-11