ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.2.0.727 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-10-03
Localize My Post WordPress Localize My Post plugin 1.0 - Unauthenticated Local File Inclusion (LFI) vulnerability 2018-10-03
Contact Form 7 WordPress Contact Form 7 plugin <= 5.0.3 - Privilege Escalation vulnerability 2018-09-13
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <=6.6.4 - Cross-Site Scripting (XSS) vulnerability 2018-09-09
Userpro WordPress UserPro premium plugin <= 4.9.23 - Cross-Site Scripting (XSS) vulnerability 2018-09-09
File Manager WordPress File Manager plugin <= 2.9 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-09-09
Duplicator WordPress Duplicator plugin <= 1.2.40 - Arbitrary Code Execution vulnerability 2018-09-05
Image Intense Plugin WordPress Image Intense premium plugin <= 3.2.5 - Authenticated SQL Injection (SQLi) vulnerability 2018-09-05
Jibu Pro WordPress Jibu Pro plugin <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-09-01
WooCommerce WordPress WooCommerce plugin <= 3.4.4 - Potential Object Injection vulnerability 2018-09-01
Export Users to CSV WordPress Export Users to CSV plugin <= 1.1.1 - CSV Injection vulnerability 2018-09-01
Ajax BootModal Login WordPress Ajax BootModal Login plugin <= 1.4.3 - CAPTCHA reuse vulnerability 2018-09-01
Gift Vouchers WordPress Gift Voucher plugin <=1.0.5 - Authenticated Blind SQL Injection (SQLi) vulnerability 2018-09-01
Ultimate Member WordPress Ultimate Member plugin <= 2.0.21 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-08-28
Chained Quiz WordPress Chained Quiz plugin <= 1.0.8 - Unauthenticated SQL Injection (SQLi) vulnerability 2018-08-28
Supreme Directory WordPress Supreme Directory theme <= 1.1.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-08-28
Plainview Activity Monitor WordPress Plainview Activity Monitor plugin <= 20161228 - Remote Command Execution (RCE) vulnerability 2018-08-28
Ninja Forms WordPress Ninja Forms plugin <= 3.3.13 - CSV Injection vulnerability 2018-08-28
Ninja Forms WordPress Ninja Forms plugin <= 3.3.13 - Cross-Site Scripting (XSS) vulnerability 2018-08-28
Ultimate Member WordPress Ultimate Member plugin <= 2.0.21 - Unauthenticated Arbitrary File Upload vulnerability 2018-08-09