ThreatPress

WordPress Vulnerabilities Database

A daily updated database of vulnerabilities in WordPress plugins, themes and WordPress core. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on a daily basis.

Vulnerabilities

| Product | Title | Disclosure Date |
|---|---|---|
| Ultimate Member | WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability | 2020-01-22 |
| Calculated Fields Form | WordPress Calculated Fields Form plugin <= 1.0.353 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | 2020-01-22 |
| AccessAlly | WordPress AccessAlly plugin <= 3.3.1 - Arbitrary PHP Execution vulnerability | 2020-01-21 |
| WP Accessibility | WordPress WP Accessibility plugin <= 1.6.10 - Minor Authenticated Stored Cross-Site Scripting (XSS) in custom CSS | 2020-01-21 |
| Chatbot with IBM Watson | WordPress Chatbot with IBM Watson plugin <= 0.8.20 - DOM Cross-Site Scripting (XSS) vulnerability | 2020-01-21 |
| Ultimate Auction | WordPress Ultimate Auction plugin <= 4.0.5 - Multiple CSRF & XSS vulnerabilities | 2020-01-09 |
| WooCommerce – Store Exporter | WordPress WooCommerce - Store Exporter plugin <= 2.3.1 - CSV Injection vulnerability | 2020-01-09 |
| CityBook | WordPress CityBook theme <= 2.3.3 - Multiple vulnerabilities (Reflected XSS, Persistent XSS & IDOR) | 2020-01-09 |
| InfiniteWP Client | WordPress InfiniteWP Client plugin <= 1.9.4.4 - Authentication Bypass vulnerability | 2020-01-08 |
| Minimal Coming Soon & Maintenance Mode – Coming Soon Page | WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.10 - CSRF to Stored XSS and Setting Changes vulnerability | 2020-01-08 |
| Backup and Staging by WP Time Capsule | WordPress Backup and Staging by WP Time Capsule plugin <= 1.21.15 - Authentication Bypass vulnerability | 2020-01-08 |
| Minimal Coming Soon & Maintenance Mode – Coming Soon Page | WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.15 - Insecure permissions: Export Settings/Theme Change vulnerability | 2020-01-08 |
| Ultimate FAQ | WordPress Ultimate FAQ plugin <= 1.8.29 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability | 2020-01-07 |
| Postie | WordPress Postie plugin <= 1.9.40 - Stored Cross-Site Scripting (XSS) and post submission spoofing vulnerabilities | 2020-01-06 |
| Import users from CSV with meta | WordPress Import Users From CSV with Meta plugin 1.15 - Unauthorised Authenticated Users Export vulnerability | 2020-01-06 |
| WordPress | WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass vulnerability | 2020-01-06 |
| Divi | WordPress Divi premium theme <= 4.0.9 - Authenticated Code Injection | 2020-01-05 |
| Extra | WordPress Extra premium theme <= 4.0.9 - Authenticated Code Injection vulnerability | 2020-01-05 |
| Divi Builder | WordPress Divi Builder plugin <= 4.0.9 - Authenticated Code Injection vulnerability | 2020-01-05 |
| WooCommerce Conversion Tracking | WordPress WooCommerce Conversion Tracking plugin <= 2.0.4 - Cross-Site Request Forgery (CSRF) to XSS vulnerability | 2020-01-05 |