ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Deny All Firewall WordPress Deny All Firewall plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-25
WordPress SEO Plugin – Rank Math WordPress SEO By Rank Math plugin <= 1.0.27 - Authenticated Settings Reset vulnerability 2019-06-25
Sina Extension for Elementor WordPress Sina Extension For Elementor plugin <= 2.2.0 - Local File Inclusion (LFI) vulnerability 2019-06-25
ConvertPlus WordPress ConvertPlus plugin <= 3.4.4 - Multiple Security Issues and vulnerabilities 2019-06-25
Dropshix WordPress Dropshix plugin <= 4.0.11 - Arbitrary Product Import vulnerability 2019-06-25
Shortlinks by Pretty Links WordPress Shortlinks by Pretty Links plugin <= 2.1.9 - Stored Cross-Site Scripting (XSS) vulnerability 2019-06-25
Shortlinks by Pretty Links WordPress Shortlinks by Pretty Links plugin <= 2.1.9 - CSV injection vulnerability 2019-06-25
Facebook for WooCommerce WordPress Facebook for WooCommerce plugin <= 1.9.12 - Cross-Site Request Forgery (CSRF) vulnerability allowing Option Update 2019-06-25
Ninja Forms WordPress Ninja Forms plugin <= 3.3.21 - Cross-Site Scripting (XSS) vulnerability 2019-06-25
Easy pdf restaurant menu upload WordPress Easy Pdf Restaurant Menu Upload plugin <= 1.1.1 - Cross-Site Scripting (XSS) vulnerability 2019-06-25
GA Backend Tracking WordPress GA Backend Tracking plugin <= 1.2 - Cross-Site Scripting (XSS) vulnerability 2019-06-25
Ninja Forms WordPress Ninja Forms plugin <= 3.3.21 - SQL injection (SQLi) vulnerability 2019-06-25
Support Board WordPress Support Board premium plugin <= 1.2.8 - Stored Cross-Site Scripting (XSS) vulnerability 2019-06-25
IP Blocker Lite WordPress IP Address Blocker plugin <= 10.3 - Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability 2019-06-19
WordPress SEO Plugin – Rank Math WordPress SEO by Rank Math plugin <= 1.0.26 - Cross-Site Scripting (XSS) vulnerabilities 2019-06-18
WebP Express WordPress WebP Express plugin <= 0.14.0 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-16
WP-Members WordPress WP-Members plugin <= 3.2.7 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-16
Breadcrumbs by menu WordPress Breadcrumbs by menu plugin <= 1.0.1 - Cross-Site Scripting (XSS) vulnerability 2019-06-16
Breadcrumbs by menu WordPress Breadcrumbs by menu plugin <= 1.0.1 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-16
Finale Lite WordPress Finale Lite plugin <= 2.9.0 - Arbitrary File Upload vulnerability 2019-06-16