ThreatPress

WordPress Vulnerabilities Database

A daily updated database of vulnerabilities in WordPress plugins, themes and WordPress core. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on a daily basis.

Vulnerabilities

| Product | Title | Disclosure Date |
| --- | --- | --- |
| WooCommerce – Store Exporter | WordPress WooCommerce - Store Exporter plugin <= 2.3.1 - CSV Injection vulnerability | 2020-01-09 |
| CityBook | WordPress CityBook theme <= 2.3.3 - Multiple vulnerabilities (Reflected XSS, Persistent XSS & IDOR) | 2020-01-09 |
| InfiniteWP Client | WordPress InfiniteWP Client plugin <= 1.9.4.4 - Authentication Bypass vulnerability | 2020-01-08 |
| Minimal Coming Soon & Maintenance Mode – Coming Soon Page | WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.10 - CSRF to Stored XSS and Setting Changes vulnerability | 2020-01-08 |
| Backup and Staging by WP Time Capsule | WordPress Backup and Staging by WP Time Capsule plugin <= 1.21.15 - Authentication Bypass vulnerability | 2020-01-08 |
| Minimal Coming Soon & Maintenance Mode – Coming Soon Page | WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.15 - Insecure permissions: Export Settings/Theme Change vulnerability | 2020-01-08 |
| Ultimate FAQ | WordPress Ultimate FAQ plugin <= 1.8.29 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability | 2020-01-07 |
| Postie | WordPress Postie plugin <= 1.9.40 - Stored Cross-Site Scripting (XSS) and post submission spoofing vulnerabilities | 2020-01-06 |
| Import and export users and customers | WordPress Import Users From CSV with Meta plugin 1.15 - Unauthorised Authenticated Users Export vulnerability | 2020-01-06 |
| WordPress | WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass vulnerability | 2020-01-06 |
| Divi | WordPress Divi premium theme <= 4.0.9 - Authenticated Code Injection | 2020-01-05 |
| Extra | WordPress Extra premium theme <= 4.0.9 - Authenticated Code Injection vulnerability | 2020-01-05 |
| Divi Builder | WordPress Divi Builder plugin <= 4.0.9 - Authenticated Code Injection vulnerability | 2020-01-05 |
| WooCommerce Conversion Tracking | WordPress WooCommerce Conversion Tracking plugin <= 2.0.4 - Cross-Site Request Forgery (CSRF) to XSS vulnerability | 2020-01-05 |
| Photo Gallery – Image Gallery by Ape | WordPress Photo Gallery – Image Gallery by Ape plugin <= 2.0.6 - Authenticated Arbitrary plugin deactivation | 2020-01-02 |
| Donorbox | WordPress Donorbox plugin 7.1-7.1.1 - Stored Cross-Site Scripting (XSS) via plugin shortcode | 2020-01-02 |
| GDPR Cookie Compliance | WordPress GDPR Cookie Compliance plugin <= 4.0.2 - Authenticated Settings Reset vulnerability | 2019-12-27 |
| bbPress Login Register Links On Forum Topic Pages | WordPress bbPress Login Register Links On Forum Topic Pages plugin <= 2.7.5 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) vulnerability | 2019-12-27 |
| bbPress Members Only | WordPress bbPress Members Only plugin <= 1.2.1 - Cross-Site Request Forgery (CSRF) vulnerability | 2019-12-27 |
| Featured Image from URL | WordPress Featured Image from URL plugin <= 2.7.7 - Missing Access Controls on REST routes vulnerability | 2019-12-27 |