ThreatPress

WordPress Vulnerabilities Database

A daily updated database of WordPress plugin, theme and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on a daily basis.

Vulnerabilities

| Product | Title | Disclosure Date |
| --- | --- | --- |
| WP Background Takeover | WordPress Background Takeover plugin <=4.1.4 - Directory Traversal vulnerability | 2018-04-09 |
| Relevanssi | WordPress Relevanssi plugin <=4.0.4 - Cross-Site Scripting (XSS) vulnerability | 2018-04-09 |
| Contact Form 7 to Database Extension | WordPress Contact Form 7 to Database Extension plugin 2.10.32 - CSV Injection vulnerability | 2018-04-09 |
| WordPress File Upload | WordPress File Upload plugin <=4.3.3 - Cross-Site Scripting (XSS) vulnerability | 2018-04-09 |
| WP Live Chat Support | WordPress WP Live Chat Support plugin <=8.0.05 - Unauthenticated Stored XSS vulnerability | 2018-04-09 |
| WP Security Audit Log | WordPress WP Security Audit Log plugin <=3.1.1 - Sensitive Information Disclosure | 2018-04-05 |
| My Calendar | WordPress My Calendar plugin <=2.5.16 - Authenticated Cross-Site Scripting (XSS) vulnerability | 2018-04-05 |
| WordPress | WordPress <=4.9.4 - Vulnerable due to "localhost" default parameter | 2018-04-05 |
| WordPress | WordPress <=4.9.4 - Use Safe Redirect for Login | 2018-04-05 |
| WordPress | WordPress <=4.9.4 - Escape Version in Generator Tag | 2018-04-05 |
| WordPress File Upload | WordPress File Upload plugin <=4.3.2 - Security Issue in plugin shortcodes | 2018-04-03 |
| Activity Log | WordPress Activity Log plugin <=2.4.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities | 2018-03-28 |
| Duplicator | WordPress Duplicator plugin <=1.2.32 - Cross-Site Scripting (XSS) vulnerability | 2018-03-28 |
| Events Manager | WordPress Events Manager plugin <=5.8.1.1 - Unauthenticated Stored XSS vulnerability | 2018-03-28 |
| Site Editor | WordPress Site Editor plugin <=1.1.1 - Local File Inclusion (LFI) vulnerability | 2018-03-19 |
| WP Support Plus Responsive Ticket System | WordPress WP Support Plus Responsive Ticket System plugin <=9.0.2 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities | 2018-03-15 |
| WP Job Manager | WordPress WP Job Manager plugin <=1.29.2 - Unauthenticated Object Injection vulnerability | 2018-03-15 |
| Super Socializer | WordPress Super Socializer plugin <=7.10.6 - Authentication Bypass vulnerability | 2018-03-15 |
| Import any XML or CSV File to WordPress | WordPress Import any XML or CSV File to WordPress plugin <=3.4.6 - Cross-Site Scripting (XSS) vulnerability | 2018-03-13 |
| WP Retina 2x | WordPress WP Retina 2x plugin <=5.2.0 - Cross-Site Scripting (XSS) vulnerability | 2018-03-13 |