ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
YITH WooCommerce Authorize.net Payment Gateway WordPress YITH WooCommerce Authorize.net Payment Gateway plugin <=1.1.12 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability 2019-10-31
YITH WooCommerce Best Sellers WordPress YITH WooCommerce Best Sellers plugin <=1.1.12 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability 2019-10-31
YITH WooCommerce Mailchimp WordPress YITH WooCommerce Mailchimp plugin <=2.1.3 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability 2019-10-31
YITH WooCommerce Multi Vendor WordPress YITH WooCommerce Multi Vendor plugin <=3.4.0 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability 2019-10-31
YITH WooCommerce Questions and Answers WordPress YITH WooCommerce Questions and Answers plugin <=1.1.9 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability 2019-10-31
YITH WooCommerce Recover Abandoned Cart WordPress YITH WooCommerce Recover Abandoned Cart plugin <=1.3.3 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability 2019-10-31
YITH PayPal Express Checkout for WooCommerce WordPress YITH PayPal Express Checkout for WooCommerce plugin <=1.2.5 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability 2019-10-31
YITH Desktop Notifications for WooCommerce WordPress YITH Desktop Notifications for WooCommerce plugin <=1.2.7 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability 2019-10-31
SyntaxHighlighter Evolved WordPress SyntaxHighlighter Evolved plugin <= 3.5.0 - Stored Cross-Site Scripting (XSS) vulnerability 2019-10-23
Sliced Invoices WordPress Sliced Invoices plugin <= 3.8.2 - Multiple vulnerabilities 2019-10-18
EU Cookie Law (GDPR) WordPress EU Cookie Law plugin <= 3.0.6 - Stored Cross-Site Scripting (XSS) vulnerability 2019-10-17
Zoho CRM Lead Magnet WordPress Zoho CRM Lead Magnet plugin <=1.6.9.1 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-10-17
WordPress WordPress <= 5.2.3 - Multiple security issues (XSS, SSRF, Cache Poisoning) 2019-10-15
iThemes Sync WordPress iThemes Sync plugin <= 2.0.17 - Insufficient Secure Key Validation vulnerability 2019-10-10
Theme Editor WordPress Theme Editor plugin <= 2.1 - Multiple vulnerabilities 2019-09-30
visualizer WordPress Visualizer plugin <= 3.3.0 - Server-Side Request Forgery (SSRF) 2019-09-28
Give WordPress GiveWp plugin <= 2.5.4 - Authentication Bypass 2019-09-26
DELUCKS SEO WordPress DELUCKS SEO plugin <= 2.1.7 - Unauthenticated Options Update vulnerability 2019-09-25
Rich Reviews WordPress Rich Reviews plugin <= 1.7.4 - Unauthenticated Plugin Options Update vulnerability 2019-09-25
Ultimate FAQ WordPress Ultimate FAQ plugin <= 1.8.24 - Unauthenticated Options Import/Export vulnerability 2019-09-23