ThreatPress

WordPress Vulnerability Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

All WordPress Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Stripe Payments WordPress Stripe Payments plugin <= 2.0.39 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-08
WP-Paginate WordPress WP Paginate plugin <= 2.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-07
Contact Form Submissions WordPress Contact Form Submissions plugin <= 1.6.4 - Authenticated SQL Injection (SQLi) vulnerability 2021-01-03
Contact Form Submissions WordPress Contact Form Submissions plugin <= 1.6.4 - Authenticated Double Query SQL injection (SQLi) vulnerability 2021-01-03
Site Offline WordPress Site Offline plugin <= 1.4.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities 2020-12-29
Newsletter Manager WordPress Newsletter Manager plugin <= 1.5.1 - Unauthenticated Insecure Deserialisation vulnerability 2020-12-29
Internal Links Manager WordPress Internal Links Manager plugin <= 2.1.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities 2020-12-28
Thumbnail carousel slider WordPress Thumbnail carousel slider plugin <= 1.0 - Authenticated Shell Upload and Cross-Site Request Forgery (CSRF) vulnerabilities 2020-12-28
Thumbnail carousel slider WordPress Thumbnail carousel slider plugin <= 1.0 - Stored Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities 2020-12-28
LiteSpeed Cache WordPress LiteSpeed Cache plugin <= 3.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-12-26
Adning Advertising WordPress Adning Advertising premium plugin <= 1.5.5 - Arbitrary File Upload vulnerability 2020-12-24
WP-PostRatings WordPress WP-PostRatings plugin <= 1.86 - Stored Cross-Site Scripting (XSS) vulnerability 2020-12-24
Limit Login Attempts Reloaded WordPress Limit Login Attempts Reloaded plugin <= 2.15.2 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2020-12-21
Limit Login Attempts Reloaded WordPress Limit Login Attempts Reloaded plugin <= 2.17.3 - Login Rate Limiting Bypass vulnerability 2020-12-21
Simple Social Media Share Buttons WordPress Simple Social Media Share Buttons plugin <= 3.2.0 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2020-12-19
Envira Photo Gallery WordPress Envira Photo Gallery plugin <= 1.8.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-12-19
Simple Social Media Share Buttons WordPress Simple Social Media Share Buttons plugin <= 3.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability 2020-12-18
ListingPro WordPress ListingPro theme <= 2.6 - Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation vulnerability 2020-12-17
ListingPro WordPress ListingPro theme <= 2.6 - Unauthenticated Sensitive Data Disclosure (Usernames, Emails etc) vulnerability 2020-12-17
Contact Form 7 WordPress Contact Form 7 plugin <= 5.3.1 - Unrestricted File Upload vulnerability 2020-12-17