ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Photo Gallery by 10Web WordPress Photo Gallery by 10Web plugin <= 1.5.34 - Cross-Site Scripting (XSS) vulnerability 2019-09-09
LifterLMS WordPress LifterLMS plugin <= 3.34.5 - Unauthenticated Options Import vulnerability 2019-09-09
Advanced Access Manager WordPress Advanced Access Manager plugin <= 5.9.8.1 - Arbitrary File Access/Download vulnerability 2019-09-09
Search Exclude WordPress Search Exclude plugin <= 1.2.2 - Arbitrary Settings Change vulnerability 2019-09-08
ECPay Logistics for WooCommerce WordPress ECPay Logistics for WooCommerce plugin <= 1.2.181030 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-06
API Bearer Auth WordPress API Bearer Auth plugin <= 20181229 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-06
WordPress WordPress core <= 5.2.2 - Cross-Site Scripting (XSS) vulnerability 2019-09-05
Spryng Payments for WooCommerce WordPress Spryng Payments for WooCommerce plugin <= 1.6.7 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-04
Portrait-Archiv.com Photostore WordPress Portrait-Archiv.com Photostore plugin <= 3.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-04
Event Tickets WordPress Event Tickets plugin <= 4.10.7.1 - CSV Injection vulnerability 2019-09-03
WooCommerce Product Feed for Google, Facebook, eBay and Many More WordPress WooCommerce Product Feed plugin <= 3.1.14 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-08-30
Variation Swatches for WooCommerce WordPress Variation Swatches for WooCommerce plugin <= 1.0.61 - Reflected Cross-Site Scripting (XSS) vulnerability 2019-08-30
WP Social Feed Gallery WordPress WP Social Feed Gallery plugin <= 2.4.7 - Cross-Site Request Forgery (CSRF) vulnerability 2019-08-29
WP Social Feed Gallery WordPress WP Social Feed Gallery plugin <= 2.4.7 - Authorization Check vulnerability 2019-08-29
Additional Variation Images for WooCommerce WordPress Additional Variation Images for WooCommerce plugin <= 1.1.28 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-08-29
Social LikeBox & Feed WordPress Social LikeBox & Feed plugin <= 2.8.4 - Cross-Site Request Forgery (CSRF) vulnerability 2019-08-29
Social LikeBox & Feed WordPress Social LikeBox & Feed plugin <= 2.8.4 - Cross-Site Scripting (XSS) vulnerability 2019-08-29
WP DSGVO Tools (GDPR) WordPress WP DSGVO Tools (GDPR) plugin <= 2.2.18 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-08-29
WooCommerce Address Book WordPress WooCommerce Address Book plugin <= 1.5.6 - Cross-Site Request Forgery (CSRF) vulnerability 2019-08-29
HandL UTM Grabber WordPress HandL UTM Grabber plugin <= 2.6.4 - Cross-Site Request Forgery (CSRF) vulnerability 2019-08-29