ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Wise Chat WordPress Wise Chat plugin <= 2.6.3 - Reverse Tabnabbing vulnerability 2019-01-25
Social Network Tabs WordPress Social Network Tabs premium plugin <=1.7.1 - Social Media API Key Leakage vulnerability 2019-01-17
Easy Redirect Manager WordPress Easy Redirect Manager plugin 2.18.18 - Cross-Site Scripting (XSS) vulnerability 2019-01-15
Spam Byebye WordPress spam-byebye plugin <= 2.2.1 - Cross-Site Scripting (XSS) vulnerability 2019-01-14
User Registration WordPress User Registration plugin <= 1.5.5 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-01-14
MapSVG Lite WordPress MapSVG Lite plugin <= 3.2.3 - Cross-Site Request Forgery (CSRF) vulnerability 2019-01-08
JSmol2WP WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability 2019-01-08
JSmol2WP WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2019-01-08
Baggage Freight Shipping Australia WordPress Baggage Freight Shipping Australia plugin 0.1.0 - Unauthenticated Arbitrary File Upload vulnerability 2019-01-08
Google XML Sitemaps WordPress Google XML Sitemaps plugin <= 4.0.9 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-01-08
WP AutoSuggest WordPress WP AutoSuggest plugin 0.24 - Unauthenticated SQL Injection (SQLi) vulnerability 2019-01-08
Two Factor Authentication WordPress Two Factor Authentication plugin <= 1.3.12 - Cross-Site Request Forgery (CSRF) vulnerability 2019-01-08
WooCommerce WordPress WooCommerce plugin <= 3.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-01-07
WP Job Manager WordPress WP Job Manager plugin <= 1.31.2 - Phar Deserialization vulnerability 2019-01-07
Adicon Server WordPress Adicon Server plugin <= 1.2 - SQL Injection (SQLi) vulnerability 2019-01-07
Audio Record WordPress Audio Record plugin 1.0 - Arbitrary File Upload vulnerability 2019-01-07
WordPress WordPress <= 5.0 - Authenticated File Delete vulnerability 2018-12-13
WordPress WordPress <= 5.0 - Authenticated Post Type Bypass vulnerability 2018-12-13
WordPress WordPress <= 5.0 - PHP Object Injection via Meta Data vulnerability 2018-12-13
WordPress WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-12-13