ThreatPress

WordPress Vulnerability Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

All WordPress Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Redux WordPress Redux plugin <= 4.1.20 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability 2020-12-15
Redux WordPress Redux Framework <= 4.1.23 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability 2020-12-15
Directories Pro WordPress Directories Pro premium plugin <= 1.3.45 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2020-12-14
Directories Pro WordPress Directories Pro premium plugin <= 1.3.45 - Authenticated Self-Reflected Cross-Site Scripting (XSS) vulnerability 2020-12-14
Popup Builder WordPress Popup Builder plugin <= 3.69.6 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities 2020-12-14
Ultimate Category Excluder WordPress Ultimate Category Excluder plugin <= 1.1 - Cross-Site Request Forgery (CSRF) vulnerability 2020-12-11
PageLayer WordPress PageLayer plugin <= 1.3.4 - Reflected Cross_site Scripting (XSS) vulnerability 2020-12-10
DiveBook WordPress DiveBook plugin <= 1.1.4 - Improper Authorisation Check vulnerability 2020-12-09
DiveBook WordPress DiveBook plugin <= 1.1.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2020-12-09
DiveBook WordPress DiveBook plugin <= 1.1.4 - Unauthenticated SQL Injection (SQLi) vulnerability 2020-12-09
Easy WP SMTP WordPress Easy WP SMTP plugin <= 1.4.2 - Unauthenticated Admin Password Reset 2020-12-07
Themify Portfolio Post WordPress Themify Portfolio Post plugin <= 1.1.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-12-04
Paid Memberships Pro WordPress Paid Memberships Pro plugin <= 2.5 - Authenticated Cross-Site Scripting (XSS) vulnerability 2020-12-03
Profile Builder Pro WordPress Profile Builder Pro premium plugin <= 3.3.2 - Authenticated Blind SQL Injection (SQLi) vulnerability 2020-12-02
Profile Builder WordPress Profile Builder plugin <= 3.3.2 - Authenticated Blind SQL Injection (SQLi) vulnerability 2020-12-02
eventON WordPress eventON premium plugin <= 3.0.5 - Cross-Site Scripting (XSS) vulnerability 2020-12-01
Canto WordPress Canto plugin <= 1.7.0 - Unauthenticated Blind Server-Side Request Forgery (SSRF) vulnerability 2020-12-01
Wibar WordPress Wibar premium theme <= 1.1.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-11-30
Age Gate WordPress WordPress Age Gate plugin <= 2.13.4 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability 2020-11-30
Events Manager WordPress Events Manager plugin <= 5.9.7.3 - Cross-Site Scripting (XSS) vulnerability 2020-11-30