ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Rencontre – Dating Site WordPress Rencontre – Dating Site plugin <= 3.2.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities 2019-12-27
301 Redirects WordPress 301 Redirects plugin <= 2.40 - Authenticated Arbitrary Redirect Injection, XSS, and CSRF vulnerabilities 2019-12-20
Quiz And Survey Master WordPress Quiz And Survey Master plugin <= 6.3.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-12-15
WordPress WordPress <= 5.3 - Stored Cross-Site Scripting (XSS) vulnerability 2019-12-13
ListingPro WordPress ListingPro premium theme <= 2.0.14.2 - Reflected & Persistent Cross-Site Scripting (XSS) vulnerability 2019-12-13
Ultimate Addons for Elementor WordPress Ultimate Addons for Elementor plugin <= 1.20.0 - Authentication Bypass vulnerability 2019-12-12
Ultimate Addons for Beaver Builder WordPress Ultimate Addons for Beaver Builder plugin <= 1.24.0 - Authentication Bypass vulnerability 2019-12-12
Superlist WordPress Superlist premium theme <= 2.9.2 - Persistent Cross-Site Scripting (XSS) vulnerability 2019-12-12
Scoutnet Kalender WordPress Scoutnet Kalender plugin <= 1.1.0 - Stored Cross-Site Scripting (XSS) vulnerability 2019-12-11
CSS Hero WordPress CSS Hero plugin <= 4.03 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-12-04
Mesmerize WordPress Mesmerize theme <=1.6.89 - Authenticated Options Update vulnerability 2019-12-02
Materialis WordPress Materialis theme <=1.0.172 - Authenticated Options Update vulnerability 2019-12-02
WP Spell Check WordPress WP Spell Check plugin <= 7.1.9 - Cross-Site Request Forgery (CSRF) vulnerability 2019-11-26
Jetpack WordPress Jetpack plugin <=7.9 - Shortcode embedding system vulnerability 2019-11-21
WP Maintenance WordPress WP Maintenance plugin <=5.0.5 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) vulnerability 2019-11-20
Sassy Social Share WordPress Sassy Social Share plugin <= 3.3.3 - Cross-Site Scripting (XSS) vulnerability 2019-11-18
Social Photo Gallery WordPress Social Photo Gallery plugin <= 1.0 - Remote Code Execution (RCE) vulnerability 2019-11-15
Blog2Social WordPress Blog2Social plugin <=5.8.1 - Cross-Site Scripting (XSS) vulnerability 2019-11-14
Spam protection, AntiSpam, FireWall by CleanTalk WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <=5.127.3 - Cross-Site Scripting (XSS) vulnerability 2019-11-14
Email Subscribers & Newsletters WordPress Email Subscribers & Newsletters plugin <=4.2.2 - Multiple security issues 2019-11-13