ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
NextGEN Gallery WordPress NextGEN Gallery plugin <=2.2.46 - Gallery Paths Not Secured 2018-03-02
Category Order and Taxonomy Terms Order WordPress Category Order and Taxonomy Terms Order plugin <=1.5.2.2 - Authenticated PHP Object Injection vulnerability 2018-03-02
MainWP Child WordPress MainWP Child plugin <=3.4.4 - Authentication Bypass vulnerability 2018-03-02
File Manager WordPress File Manager plugin <=5.0.0 - Information Disclosure vulnerability 2018-03-02
Custom Permalinks WordPress Custom Permalinks plugin <=1.1 - Authenticated SQL Injection (SQLi) vulnerability 2018-02-26
Custom Permalinks WordPress Custom Permalinks plugin <=1.1 - Cross-Site Scripting (XSS) vulnerability 2018-02-26
Photo Gallery by WD WordPress Photo Gallery by WD plugin <=1.3.66 - Cross-Site Scripting (XSS) vulnerability 2018-02-26
WP Fastest Cache WordPress WP Fastest Cache plugin <=0.8.7.4 - Blind SQL Injection (SQLi) vulnerability 2018-02-26
WooCommerce WordPress WooCommerce plugin <=3.2.3 - Authenticated PHP Object Injection vulnerability 2018-02-23
Ninja Forms WordPress Ninja Forms plugin <=3.2.13 - Cross-Site Scripting (XSS) vulnerability 2018-02-22
Simple Contact Info Simple Contact Info plugin <= v1.1.9 - Authenticated Arbitrary File Deletion Vulnerability 2018-02-07
flickrRSS WordPress flickrRSS plugin <= 5.3.1 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2018-02-07
flickrRSS WordPress flickrRSS plugin <=5.3.1 - Cross-Site Request Forgery (CSRF) vulnerability 2018-02-07
Instagram Feed WordPress Instagram Feed plugin <=1.5.1 - Cross-Site Scripting (XSS) vulnerability 2018-02-07
PropertyHive WordPress PropertyHive plugin <=1.4.14 - Cross-Site Scripting (XSS) vulnerability 2018-02-05
WordPress WordPress <=4.9.2 - Application Denial of Service (DoS) vulnerability 2018-02-05
Splashing Images WordPress Splashing Images plugin <=2.1 - Authenticated PHP Object Injection vulnerability 2018-01-30
Splashing Images WordPress Splashing Images plugin <=2.1 - Cross-Site Scripting (XSS) vulnerability 2018-01-30
Social Media Widget by Acurax WordPress Social Media Widget by Acurax plugin <=3.2.5 - Stored Cross-Site Scripting (XSS) vulnerability 2018-01-30
Social Media Widget by Acurax WordPress Social Media Widget by Acurax plugin <=3.2.5 - Cross-Site Request Forgery (CSRF) vulnerability 2018-01-30