ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WPS Bidouille WordPress WPS Bidouille plugin <= 1.12.2 - Cross-Site Scripting (XSS) vulnerability 2019-07-24
WPS Bidouille WordPress WPS Bidouille plugin <= 1.12.2 - Arbitrary File Upload vulnerability 2019-07-24
WPS Limit Login WordPress WPS Limit Login plugin <= 1.4.5 - Stored Cross-Site Scripting (XSS) and Protection Bypass vulnerabilities 2019-07-24
WPS Child Theme Generator WordPress WPS Child Themes Generator plugin <= 1.1 - Path Traversal vulnerability 2019-07-24
WPS Hide Login WordPress WPS Hide Login plugin <= 1.5.2.2 - Multiples Security Issues 2019-07-24
Adaptive Images for WordPress WordPress Adaptive Images for WordPress plugin <= 0.6.66 - Local File Inclusion (LFI) vulnerability 2019-07-24
Adaptive Images for WordPress WordPress Adaptive Images for WordPress plugin <= 0.6.66 - Arbitrary File Deletion vulnerability 2019-07-24
Everest Forms WordPress Everest Forms plugin <= 1.4.9 - SQL Injection (SQLi) vulnerability 2019-07-19
All-in-One WP Migration WordPress All-in-One WP Migration plugin <= 6.97 - Cross-Site Scripting (XSS) vulnerability (admin backend) 2019-07-18
Category Specific RSS feed Subscription WordPress Category Specific RSS feed Subscription plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability 2019-07-18
Coming Soon WordPress Coming Soon Page & Maintenance Mode plugin <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-07-17
Appointment Hour Booking WordPress Appointment Hour Booking plugin <= 1.1.45 - Stored Cross-Site Scripting (XSS) vulnerability 2019-07-16
Ad Inserter WordPress Ad Inserter plugin <= 2.4.21 - Authenticated Remote Code Execution (RCE) vulnerability 2019-07-15
Custom Body Class WordPress WP Custom Body Class plugin <= 0.7.0 - Cross-Site Request Forgery (CSRF) > Stored Cross-Site Scripting (XSS) + Settings Update vulnerabilities 2019-07-15
Ad Inserter WordPress Ad Inserter plugin <= 2.4.19 - Authenticated Path Traversal vulnerability 2019-07-13
Hybrid Composer WordPress Hybrid Composer plugin <= 1.4.6 - Unauthenticated Options Update vulnerability 2019-07-13
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.3.18.727 - SQL Injection (SQLi) vulnerability 2019-07-13
School Management WordPress School Management plugin < 57.0 - Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) vulnerabilities 2019-07-13
Ultimate Member WordPress Ultimate Member plugin <= 2.0.51 - Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) vulnerabilities 2019-07-13
One Click SSL WordPress One Click SSL plugin <= 1.4.6 - Multiple Security Issues 2019-07-13