ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
ARForms WordPress ARForms plugin <= 3.5.1 - Unauthenticated Arbitrary File Deletion vulnerability 2018-10-29
Pie Register WordPress Pie Register plugin <= 3.0.17 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-10-29
WooCommerce WordPress WooCommerce plugin <= 3.4.5 - Authenticated Object Injection vulnerability 2018-10-29
PDF & Print WordPress PDF & Print plugin <= 2.0.2 - Unauthenticated Cross-Site-Scripting (XSS) vulnerability 2018-10-03
Breadcrumb NavXT WordPress Breadcrumb NavXT plugin <= 6.1.0 - Username Disclosure via REST API 2018-10-03
Wechat Broadcast WordPress Wechat Broadcast plugin <= 1.2.0 - Local/Remote File Inclusion vulnerability 2018-10-03
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.2.0.727 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-10-03
Localize My Post WordPress Localize My Post plugin 1.0 - Unauthenticated Local File Inclusion (LFI) vulnerability 2018-10-03
Contact Form 7 WordPress Contact Form 7 plugin <= 5.0.3 - Privilege Escalation vulnerability 2018-09-13
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <=6.6.4 - Cross-Site Scripting (XSS) vulnerability 2018-09-09
Userpro WordPress UserPro premium plugin <= 4.9.23 - Cross-Site Scripting (XSS) vulnerability 2018-09-09
File Manager WordPress File Manager plugin <= 2.9 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-09-09
Duplicator WordPress Duplicator plugin <= 1.2.40 - Arbitrary Code Execution vulnerability 2018-09-05
Image Intense Plugin WordPress Image Intense premium plugin <= 3.2.5 - Authenticated SQL Injection (SQLi) vulnerability 2018-09-05
Jibu Pro WordPress Jibu Pro plugin <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-09-01
WooCommerce WordPress WooCommerce plugin <= 3.4.4 - Potential Object Injection vulnerability 2018-09-01
Export Users to CSV WordPress Export Users to CSV plugin <= 1.1.1 - CSV Injection vulnerability 2018-09-01
Ajax BootModal Login WordPress Ajax BootModal Login plugin <= 1.4.3 - CAPTCHA reuse vulnerability 2018-09-01
Gift Vouchers WordPress Gift Voucher plugin <=1.0.5 - Authenticated Blind SQL Injection (SQLi) vulnerability 2018-09-01
Ultimate Member WordPress Ultimate Member plugin <= 2.0.21 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-08-28