ThreatPress

WordPress Vulnerability Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

All WordPress Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Data Tables Generator by Supsystic WordPress Data Tables Generator by Supsystic plugin <= 1.9.96 - Stored Cross-Site Scripting (XSS) vulnerability 2021-02-08
Digital Publications by Supsystic WordPress Digital Publications by Supsystic plugin <= 1.6.11 - Path Traversal and DoS vulnerability 2021-02-08
Digital Publications by Supsystic WordPress Digital Publications by Supsystic plugin <= 1.6.11 - Stored Cross-Site Scripting (XSS) vulnerability 2021-02-08
Membership by Supsystic WordPress Membership by Supsystic plugin <= 1.5.0 - SQL injection (SQLi) vulnerability 2021-02-08
Newsletter by Supsystic WordPress Newsletter by Supsystic plugin <= 1.5.6 - SQL injection (SQLi) vulnerability 2021-02-08
NextGEN Gallery WordPress NextGen Gallery plugin <= 3.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to file upload 2021-02-08
NextGEN Gallery WordPress NextGen Gallery plugin <= 3.4.7 - Cross-Site Request Forgery (CSRF) leading to XSS and RCE via file upload and LFI 2021-02-08
Pricing Table by Supsystic WordPress Pricing Table by Supsystic plugin <= 1.8.8 - SQL injection (SQLi) vulnerability 2021-02-08
Pricing Table by Supsystic WordPress Pricing Table by Supsystic plugin <= 1.8.8 - Stored Cross-Site Scripting (XSS) vulnerability 2021-02-08
Ultimate Maps by Supsystic WordPress Ultimate Maps by Supsystic plugin <= 1.1.14 - SQL injection (SQLi) vulnerability 2021-02-08
WP Armour – Honeypot Anti Spam WordPress WP Armour – Honeypot Anti Spam plugin <= 1.5.6 - Cross-Site Scripting (XSS) vulnerability 2021-02-08
Wyzi WordPress Wyzi premium theme <= 2.4.2 - Cross-Site Scripting (XSS) vulnerability 2021-02-06
Like Button Rating WordPress Like Button Rating plugin <= 2.6.31 - Unauthenticated Server-Side Request Forgery (SSRF) vulnerability 2021-02-06
Paid Memberships Pro WordPress Paid Memberships Pro plugin <= 2.5.2 - Insecure Direct Object Reference & sensitive information disclosure vulnerability 2021-02-06
Ultimate GDPR & CCPA Compliance Toolkit WordPress Ultimate GDPR & CCPA Compliance Toolkit premium plugin <= 2.4 - Unauthenticated Settings Import & Export vulnerability 2021-02-05
Photo Gallery by 10Web WordPress Photo Gallery by 10Web plugin <= 1.5.67 - Cross-Site Scripting (XSS) vulnerability 2021-02-04
Contact Form 7 Style WordPress Contact Form 7 Style plugin <= 3.1.9 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability 2021-02-04
WP Editor WordPress WP Editor plugin <= 1.2.6.3 - SQL injection (SQLi) vulnerability 2021-02-02
MStore API WordPress MStore API plugin <= 3.1.9 - Bypass vulnerability in Apple login authentication method 2021-02-02
Modern Events Calendar Lite WordPress Modern Events Calendar Lite plugin <= 5.16.2 - Authenticated Arbitrary File Upload to Remote Code Execution (RCE) vulnerability 2021-01-29