ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WP Social Feed Gallery WordPress WP Social Feed Gallery plugin <= 2.4.7 - Cross-Site Request Forgery (CSRF) vulnerability 2019-08-29
WP Social Feed Gallery WordPress WP Social Feed Gallery plugin <= 2.4.7 - Authorization Check vulnerability 2019-08-29
Additional Variation Images for WooCommerce WordPress Additional Variation Images for WooCommerce plugin <= 1.1.28 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-08-29
Social LikeBox & Feed WordPress Social LikeBox & Feed plugin <= 2.8.4 - Cross-Site Request Forgery (CSRF) vulnerability 2019-08-29
Social LikeBox & Feed WordPress Social LikeBox & Feed plugin <= 2.8.4 - Cross-Site Scripting (XSS) vulnerability 2019-08-29
WP DSGVO Tools (GDPR) WordPress WP DSGVO Tools (GDPR) plugin <= 2.2.18 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-08-29
WooCommerce Address Book WordPress WooCommerce Address Book plugin <= 1.5.6 - Cross-Site Request Forgery (CSRF) vulnerability 2019-08-29
HandL UTM Grabber WordPress HandL UTM Grabber plugin <= 2.6.4 - Cross-Site Request Forgery (CSRF) vulnerability 2019-08-29
NextGEN Gallery WordPress Nextgen Gallery plugin <= 3.2.8 - SQL Injection vulnerability 2019-08-27
Userpro WordPress UserPro plugin <= 4.9.33 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-08-27
WP Private Content Plus WordPress WP Private Content Plus plugin <= 1.31 - Unauthenticated Options Change vulnerability 2019-08-27
Pie Register WordPress Pie Register plugin <= 3.1.1 - SQL Injection (SQLi) vulnerability 2019-08-27
Import Export WordPress Users WordPress Import Export WordPress Users plugin <= 1.3.1 - CSV Injection vulnerability 2019-08-26
Easy Forms for Mailchimp WordPress Easy Forms for Mailchimp plugin <= 6.5.2 - Code Injection vulnerability 2019-08-23
WebLibrarian WordPress Web Librarian plugin <= 3.5.4 - SQL Injection (SQLi) vulnerability 2019-08-21
Easy Property Listings WordPress Easy Property Listings plugin <= 3.3.5 - Cross-Site Scripting (XSS) vulnerability 2019-08-19
WP SVG Icons WordPress WP SVG Icons plugin <= 3.2.2 - Cross-Site Request Forgery (CSRF) vulnerability 2019-08-16
Email Subscribers & Newsletters WordPress Email Subscribers & Newsletters plugin <= 4.1.6 - Cross-Site Scripting (XSS) vulnerability 2019-08-14
WP Fastest Cache WordPress WP Fastest Cache plugin <= 0.8.9.5 - Directory Traversal vulnerability 2019-08-14
Ultimate Member WordPress Ultimate Member plugin <= 2.0.53 - Cross-Site Scripting (XSS) vulnerability 2019-08-14