ThreatPress

WordPress Vulnerability Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

All WordPress Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
AIT CSV Import / Export WordPress AIT CSV Import / Export plugin <= 3.0.3 - Unauthenticated Arbitrary File Upload vulnerability 2020-11-13
BA Book Everything WordPress BA Book Everything plugin <= 1.3.24 - Unauthenticated Reflected Cross-Site Scripting (XSS) and Cross-Frame Scripting (XFS) vulnerabilities 2020-11-12
Love Travel WordPress Love Travel premium theme <= 3.8 - Unauthenticated Reflected Cross-Site Scripting (XSS) and Cross-Frame Scripting (XFS) vulnerabilities 2020-11-12
Ultimate Reviews WordPress Ultimate Reviews plugin <= 2.1.32 - Insecure Deserialization vulnerability leading to unauthenticated PHP object injection 2020-11-10
Ultimate Member WordPress Ultimate Member plugin <= 2.1.11 - Unauthenticated/Authenticated Privilege Escalation 2020-11-09
WooCommerce Blocks WordPress WooCommerce Blocks plugin <= 3.7.0 - Guest Account Creation vulnerability 2020-11-06
WooCommerce WordPress WooCommerce plugin <= 4.6.1 - Guest Account Creation vulnerability 2020-11-06
Abandoned Cart Lite WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.8.2 - Unauthenticated SQL Injection (SQLi) vulnerability 2020-11-05
Welcart e-Commerce WordPress Welcart e-Commerce plugin <= 1.9.35 - Authenticated PHP Object Injection vulnerability 2020-11-05
Augmented Reality WordPress Augmented Reality plugin <= 1.2.0 - Unauthenticated PHP File Upload leading to Remote Code Execution (RCE) vulnerability 2020-11-05
GDPR CCPA Compliance Support WordPress GDPR CCPA Compliance Support plugin <= 2.3 - Insecure Deserialization / Unauthenticated PHP Object Injection vulnerability 2020-11-03
SW Ajax WooCommerce Search WordPress SW Ajax WooCommerce Search plugin <= 1.2.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) / Cross-Frame Scripting (XFS) vulnerabilities 2020-10-30
WordPress WordPress <= 5.5.1 - Cross-Site Request Forgery (CSRF) vulnerability 2020-10-29
WordPress WordPress <= 5.5.1 - Bypass Protected Meta That Could Lead To Arbitrary File Deletion vulnerability 2020-10-29
WordPress WordPress <= 5.5.1 - Stored Cross-Site Scripting (XSS) in Post Slugs vulnerability 2020-10-29
WordPress WordPress <= 5.5.1 - Unauthenticated Denial-of-Service (DoS) Attack to Remote Code Execution (RCE) vulnerability 2020-10-29
WordPress WordPress <= 5.5.1 - XML-RPC Privilege Escalation vulnerability 2020-10-29
WordPress WordPress <= 5.5.1 - Cross-Site Scripting (XSS) via Global Variables vulnerability 2020-10-29
WordPress WordPress <= 5.5.1 - Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability 2020-10-29
WordPress WordPress <= 5.5.1 - Mishandled deserialization requests vulnerability 2020-10-29