ThreatPress

WordPress Vulnerability Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

All WordPress Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Ninja Forms WordPress Ninja Forms Contact Form plugin <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure vulnerability 2021-02-16
WP Ticket Customer Service Software & Support Ticket System WordPress WP Ticket Customer Service Software & Support Ticket System plugin <= 5.5.1 - Cross-Site Scripting (XSS) vulnerability 2021-02-15
Teaser Maker WordPress Teaser Maker plugin <= 0.1.114 - Cross-Site Scripting (XSS) vulnerability 2021-02-15
Ad Swapper WordPress Ad Swapper plugin <= 1.0.3 - Cross-Site Scripting (XSS) vulnerability 2021-02-15
Drug Search WordPress Drug Search plugin <= 1.0.0 - Cross-Site Scripting (XSS) vulnerability 2021-02-15
WP Inimat WordPress WP Inimat plugin <= 1.0 - Cross-Site Scripting (XSS) vulnerability 2021-02-15
Theme Editor WordPress Theme Editor plugin <= 2.5 - Multiple Authenticated Arbitrary File Download vulnerabilities 2021-02-13
ElasticPress WordPress ElasticPress plugin <= 3.5.3 - Nonce Check Bypass vulnerability 2021-02-12
eCommerce Product Catalog WordPress eCommerce Product Catalog plugin <= 3.0.17 - Cross-Site Request Forgery (CSRF) vulnerability 2021-02-12
All In One WP Security & Firewall WordPress All In One WP Security & Firewall plugin <= 4.4.5 - Authenticated Cross-Site Scripting (XSS) vulnerability 2021-02-11
Post SMTP Mailer/Email Log WordPress Post SMTP Mailer/Email Log plugin <= 2.0.20 - Cross-Site Request Forgery (CSRF) nonce validation vulnerability 2021-02-11
Responsive Menu WordPress Responsive Menu plugin <= 4.0.3 - Authenticated Arbitrary File Upload vulnerability 2021-02-10
Responsive Menu WordPress Responsive Menu plugin <= 4.0.3 - Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability 2021-02-10
Responsive Menu WordPress Responsive Menu plugin <= 4.0.3 - Cross-Site Request Forgery (CSRF) leading to Setting Modification vulnerability 2021-02-10
Map Block for Google Maps WordPress Map Block for Google Maps plugin <= 1.31 - Google API Key Manipulation vulnerability 2021-02-10
Welcart e-Commerce by Collne Inc. WordPress Welcart e-Commerce plugin <= 2.0.0 - SQL injection (SQLi) vulnerability 2021-02-09
Backup by Supsystic WordPress Backup by Supsystic plugin <= 2.3.12 - Local File Inclusion (LFI) vulnerability 2021-02-08
Contact Form by Supsystic WordPress Contact Form by Supsystic plugin <= 1.7.5 - SQL injection (SQLi) vulnerability 2021-02-08
Contact Form by Supsystic WordPress Contact Form by Supsystic plugin <= 1.7.5 - Stored Cross-Site Scripting (XSS) vulnerability 2021-02-08
Data Tables Generator by Supsystic WordPress Data Tables Generator by Supsystic plugin <= 1.9.96 - SQL injection (SQLi) vulnerability 2021-02-08