ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Motors – Car Dealer & Classified Ads WordPress Motors – Car Dealer & Classified Ads plugin <= 1.4.0 - Multiple security issues 2019-09-23
Advanced AJAX Product Filters WordPress Advanced AJAX Product Filters plugin <= 1.3.6.1 - Unauthenticated Plugin Settings Update vulnerability 2019-09-19
Woody ad snippets WordPress Woody Ad Snippets plugin <= 2.2.7 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-15
SlickQuiz WordPress SlickQuiz plugin <= 1.3.7.1 - Authenticated SQL Injection (SQLi) vulnerability 2019-09-11
SlickQuiz WordPress SlickQuiz plugin <= 1.3.7.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-09-11
Checklist WordPress Checklist plugin <= 1.1.5 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-11
Human Presence WordPress Human Presence plugin <= 2.0.8 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-11
Qwizcards WordPress Qwizcards plugin <= 3.36 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-10
Photo Gallery by 10Web WordPress Photo Gallery by 10Web plugin <= 1.5.34 - SQL Injection (SQLi) vulnerability 2019-09-09
Photo Gallery by 10Web WordPress Photo Gallery by 10Web plugin <= 1.5.34 - Cross-Site Scripting (XSS) vulnerability 2019-09-09
LifterLMS WordPress LifterLMS plugin <= 3.34.5 - Unauthenticated Options Import vulnerability 2019-09-09
Advanced Access Manager WordPress Advanced Access Manager plugin <= 5.9.8.1 - Arbitrary File Access/Download vulnerability 2019-09-09
Search Exclude WordPress Search Exclude plugin <= 1.2.2 - Arbitrary Settings Change vulnerability 2019-09-08
ECPay Logistics for WooCommerce WordPress ECPay Logistics for WooCommerce plugin <= 1.2.181030 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-06
API Bearer Auth WordPress API Bearer Auth plugin <= 20181229 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-06
WordPress WordPress core <= 5.2.2 - Cross-Site Scripting (XSS) vulnerability 2019-09-05
Spryng Payments for WooCommerce WordPress Spryng Payments for WooCommerce plugin <= 1.6.7 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-04
Portrait-Archiv.com Photostore WordPress Portrait-Archiv.com Photostore plugin <= 3.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-09-04
Event Tickets WordPress Event Tickets plugin <= 4.10.7.1 - CSV Injection vulnerability 2019-09-03
WooCommerce Product Feed for Google, Facebook, eBay and Many More WordPress WooCommerce Product Feed plugin <= 3.1.14 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-08-30