ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Enfold WordPress Enfold theme <=4.2 - Rewrite Portfolio Permalink Structure & Information Disclosure 2018-01-30
User Control WordPress User Control plugin <=2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability 2018-01-30
BuddyBoss Media WordPress BuddyBoss Media plugin <=3.2.3 - Stored Cross-Site Scripting (XSS) vulnerability 2018-01-22
Dark Mode WordPress Dark Mode plugin <=1.6 - Multiple stored Cross-Site Scripting (XSS) vulnerabilities 2018-01-22
Pinterest Feed WordPress Pinterest Feed plugin <=1.1.1 - Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities 2018-01-22
Pinterest Feed WordPress Pinterest Feed plugin <=1.1.1 - Cross-Site Request Forgery (CSRF) vulnerability 2018-01-22
Coming Soon WordPress Coming Soon plugin <=1.1.18 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2018-01-22
Coming Soon WordPress Coming Soon plugin <=1.1.18 - Cross-Site Request Forgery (CSRF) vulnerability 2018-01-22
read-and-understood WordPress read-and-understood plugin <= 2.1 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2018-01-22
read-and-understood WordPress read-and-understood plugin <=2.1 - Cross-Site Request Forgery (CSRF) vulnerability 2018-01-22
Booking Calendar WordPress Booking calendar plugin <=2.1.7 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2018-01-22
Booking Calendar WordPress Booking calendar plugin <=2.1.7 - Cross-Site Request Forgery (CSRF) vulnerability 2018-01-22
Google Forms WordPress Google Forms plugin <=0.91 - Unauthenticated Server-Side Request Forgery (SSRF) vulnerability 2018-01-22
Email Subscribers & Newsletters WordPress Email Subscribers & Newsletters plugin <=3.4.7 - Missing Function Level Access Control vulnerability 2018-01-19
WordPress WordPress 3.7-4.9.1 - Cross-Site Scripting vulnerability 2018-01-17
YITH WooCommerce Wishlist WordPress YITH WooCommerce Wishlist plugin <=2.1.2 - Authenticated SQL Injection (SQLi) vulnerability 2018-01-17
wpglobus WordPress Wpglobus <= 1.9.6 - Multiple vulnerabilities 2018-01-12
Srbtranslatin WordPress Srbtranslatin <= 1.4.6 - Stored Cross-site scripting (XSS) & Cross-site request forgery (CSRF) vulnerabilities 2018-01-12
Smooth Slider WordPress Smooth Slider plugin <=2.8.6 - Authenticated SQL Injection vulnerability 2018-01-11
Dbox 3D Slider Lite WordPress Dbox 3D Slider Lite plugin <=1.2.2 - Multiple Authenticated SQL injection vulnerabilities 2018-01-11