ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Custom CSS Pro WordPress Custom CSS Pro plugin <= 1.0.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities 2019-07-10
HTML5 Maps WordPress HTML5 Maps plugin <= 1.6.5.6 - Cross-Site Request Forgery CSRF and Cross-Site Scripting (XSS) vulnerabilities 2019-07-10
Download Personalized WooCommerce Cart Page WordPress Personalized WooCommerce Cart Page plugin <= 2.4 - Cross-Site Request Forgery (CSRF) vulnerability 2019-07-10
Contest Gallery WordPress Contest Gallery plugin <= 10.4.4 - Cross-Site Request Forgery (CSRF) vulnerability 2019-07-10
Online Lesson Booking WordPress Online Lesson Booking plugin <= 0.8.6 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities 2019-07-10
Attendance Manager WordPress Attendance Manager plugin <= 0.5.6 - Cross-Site Request Forgery CSRF and Cross-Site Scripting (XSS) vulnerabilities 2019-07-10
Zoho SalesIQ WordPress Zoho SalesIQ plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities 2019-07-10
WP Like Button WordPress WP Like Button plugin <= 1.6.0 - Auth Bypass vulnerability 2019-07-10
Slimstat Analytics WordPress Slimstat Analytics plugin <= 4.8.3 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) + Setting Updates vulnerabilities 2019-07-10
Rencontre WordPress Rencontre – Dating Site plugin <= 3.1.2 - SQL Injection (SQLi) and Cross-Site Scripting (XSS) vulnerabilities 2019-07-10
iLive WordPress iLive premium plugin <= 1.0.4 - Stored Cross-Site Scripting (XSS) vulnerability 2019-07-09
WooCommerce WordPress WooCommerce plugin <= 3.6.4 - Cross-Site Request Forgery (CSRF) vulnerability 2019-07-07
Appointment Booking Calendar WordPress Appointment Booking Calendar plugin <= 1.3.18 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-07-07
Gallery PhotoBlocks WordPress Gallery Photoblocks plugin <= 1.1.40 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-07-05
Zoner - Real Estate WordPress Zoner - Real Estate premium theme <= 4.1 - Reflected & Stored Cross-Site Scripting (XSS) vulnerability 2019-07-05
MyBookTable Bookstore WordPress MyBookTable plugin <= 3.2.2 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2019-07-05
Ocean Extra WordPress Ocean Extra plugin <= 1.5.8 - Unauthenticated Settings change vulnerability 2019-07-04
Ocean Extra WordPress Ocean Extra plugin <= 1.5.8 - Unauthenticated CSS injection vulnerability 2019-07-04
Essential Real Estate WordPress Essential Real Estate plugin <= 1.7.1 - Cross-Site Scripting (XSS) vulnerability 2019-07-04
Visitors Traffic Real Time Statistics WordPress Visitors Traffic Real Time Statistics plugin <= 1.12 - Cross-Site Request Forgery (CSRF) leading to Stored XSS/SQLi vulnerabilities 2019-07-04