ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Arigato Autoresponder and Newsletter WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated reflected Cross-Site Scripting (XSS) vulnerability 2018-12-04
Ninja Forms WordPress Ninja Forms plugin <= 3.3.19 - Authenticated Open Redirect vulnerability 2018-12-04
Ultimate Member WordPress Ultimate Member plugin <= 2.0.32 - Cross-Site Request Forgery (CSRF) vulnerability 2018-11-27
WP-DBManager WordPress WP-DBManager plugin <= 2.79.1 - Arbitrary File Deletion vulnerability 2018-11-27
Yoast SEO WordPress Yoast SEO plugin <= 9.1.0 - Authenticated Command Execution vulnerability 2018-11-20
Ninja Forms WordPress Ninja Forms plugin <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-11-15
Better WordPress reCAPTCHA WordPress Better WordPress reCAPTCHA plugin <= 2.0.3 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-11-13
Media File Manager WordPress Media File Manager plugin <= 1.4.2 - Directory Traversal vulnerability 2018-11-13
Media File Manager WordPress Media File Manager plugin <= 1.4.2 - Reflected Cross-Site Scripting (XSS) vulnerability 2018-11-13
WP GDPR Compliance WordPress WP GDPR Compliance plugin <= 1.4.2 - Privilege Escalation vulnerability 2018-11-13
Flow-Flow Social Stream WordPress Flow-Flow Social Stream plugin <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-11-13
Calendar WordPress Calendar plugin <= 1.3.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-11-13
Accelerated Mobile Pages WordPress Accelerated Mobile Pages plugin <= 0.9.97.19 - Multiple Unauthenticated Vulnerabilities 2018-11-13
WooCommerce WordPress WooCommerce plugin <= 3.4.5 - Authenticated File Deletion to Privilege Escalation vulnerability 2018-11-07
ARForms WordPress ARForms plugin <= 3.5.1 - Unauthenticated Arbitrary File Deletion vulnerability 2018-10-29
Pie Register WordPress Pie Register plugin <= 3.0.17 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-10-29
WooCommerce WordPress WooCommerce plugin <= 3.4.5 - Authenticated Object Injection vulnerability 2018-10-29
PDF & Print WordPress PDF & Print plugin <= 2.0.2 - Unauthenticated Cross-Site-Scripting (XSS) vulnerability 2018-10-03
Breadcrumb NavXT WordPress Breadcrumb NavXT plugin <= 6.1.0 - Username Disclosure via REST API 2018-10-03
Wechat Broadcast WordPress Wechat Broadcast plugin <= 1.2.0 - Local/Remote File Inclusion vulnerability 2018-10-03