ThreatPress

WordPress Vulnerability Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

All WordPress Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Simple Download Monitor WordPress Simple Download Monitor plugin <= 3.8.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2020-10-21
WP-Lister for eBay WordPress WP-Lister for eBay plugin <= 2.0.20 - Unauthenticated Path Traversal vulnerability 2020-10-20
WP-Lister for Amazon WordPress WP-Lister for Amazon plugin <= 0.9.6.35 - Unauthenticated Path Traversal vulnerability 2020-10-20
TI WooCommerce Wishlist WordPress TI WooCommerce Wishlist plugin <= 1.21.11 - Authenticated WP Options Change vulnerability 2020-10-16
TI WooCommerce Wishlist Premium WordPress TI WooCommerce Wishlist Premium plugin <= 1.21.4 - Authenticated WP Options Change vulnerability 2020-10-16
Comment Press WordPress Comment Press premium plugin <= 2.7.0 - Unauthenticated Cross-Frame Scripting (XSS) vulnerability 2020-10-15
Quick Chat WordPress Quick Chat plugin <= 4.14 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-10-14
Quick Chat WordPress Quick Chat plugin <= 4.14 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-10-14
Child Theme Creator WordPress Child Theme Creator by Orbisius plugin <= 1.5.1 - Cross-Site Request Forgery (CSRF) to Arbitrary File Modification/Creation vulnerability 2020-10-14
Mailster WordPress Mailster plugin <= 2.4.8 - Stored Cross-Site Scripting (XSS) vulnerability 2020-10-14
Live Chat – Live support WordPress Live Chat - Live support plugin <= 3.1.0 - Cross-Site Request Forgery (CSRF) vulnerability 2020-10-14
PowerPress Podcasting WordPress PowerPress Podcasting plugin <= 8.3.7 - Authenticated Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability 2020-10-11
Good LMS WordPress Good LMS premium plugin <= 2.1.4 - Unauthenticated SQL Injection (SQLi) vulnerability 2020-10-10
Dynamic Content for Elementor WordPress Dynamic Content for Elementor premium plugin <= 1.9.5.6 - Authenticated Remote Code Execution (RCE) vulnerability 2020-10-08
HyperComments WordPress HyperComments plugin <= 1.2.2 - Unauthenticated Arbitrary File Deletion vulnerability 2020-10-07
WPBakery Page Builder WordPress WPBakery Page Builder premium plugin <= 6.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-10-07
Real Estate 7 WordPress Real Estate 7 premium theme <= 3.0.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2020-10-07
Team Showcase WordPress Team Showcase plugin <= 1.22.15 - PHP Object Injection vulnerability 2020-10-05
Post Grid WordPress Post Grid plugin <= 2.0.72 - PHP Object Injection vulnerability 2020-10-05
Team Showcase WordPress Team Showcase plugin <= 1.22.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-10-05