ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WP Statistics WordPress WP Statistics plugin <= 12.6.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-07-04
Simple Mail Address Encoder WordPress Simple Mail Address Encoder plugin <= 1.6.1 - Reflected Authenticated Cross-Site Scripting (XSS) vulnerability 2019-07-04
Widget Logic WordPress Widget Logic plugin <= 5.9.0 - Cross-Site Request Forgery (CSRF) vulnerability 2019-07-02
360 Product Rotation WordPress 360 Product Rotation plugin <= 1.4.7 - Reflected Cross-Site Scripting (XSS) vulnerability 2019-07-02
Watu Quiz WordPress Watu Quiz plugin <= 3.1.2.5 - Reflected Cross-Site Scripting (XSS) vulnerability 2019-07-02
Widget Logic WordPress Widget Logic plugin <= 5.10.2 - Cross-Site Request Forgery (CSRF) vulnerability 2019-07-02
Insert or Embed Articulate Content into WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.2998 - Authenticated Remote Code Execution (RCE) vulnerability 2019-07-02
Insert or Embed Articulate Content into WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.2999 - Authenticated Arbitrary Folder Deletion and Rename 2019-07-02
Live Chat Unlimited WordPress Live Chat Unlimited premium plugin <= 2.8.3 - Stored Cross-Site Scripting (XSS) vulnerability 2019-07-02
SAML SP Single Sign On WordPress SAML SP Single Sign On plugin <= 4.8.72 - Cross-Site Scripting (XSS) vulnerability 2019-06-27
WP Better Permalinks WordPress WP Better Permalinks plugin <= 3.0.4 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-27
ACF: Better Search WordPress ACF Better Search plugin <= 3.3.0 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-27
WebP Converter for Media WordPress WebP Converter for Media plugin <= 1.0.2 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-27
Block wp-login WordPress Block wp-login plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability + unauthorised option update 2019-06-27
WebP Express WordPress WebP Express plugin <= 0.14.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-06-26
Import users from CSV with meta WordPress Import users from CSV with meta plugin <= 1.14.1.3 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-26
WP Ultimate Recipe WordPress WP Ultimate Recipe plugin <= 3.12.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-06-26
Revamp CRM for WooCommerce WordPress Revamp CRM for WooCommerce plugin <= 1.0.3 - Local File Inclusion (LFI) vulnerability 2019-06-25
Custom 404 Pro WordPress Custom 404 Pro plugin <= 3.2.7 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-06-25
CP Contact Form with Paypal WordPress CP Contact Form with Paypal plugin <= 1.2.97 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-06-25