ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Related YouTube Videos WordPress Related YouTube Videos plugin <= 1.9.8 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-16
Related YouTube Videos WordPress Related YouTube Videos plugin <= 1.9.8 - Cross-Site Scripting (XSS) vulnerability 2019-06-16
Affiliates Manager WordPress Affiliates Manager manager <= 2.6.5 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-16
Easy Digital Downloads WordPress Easy Digital Downloads plugin <= 2.9.15 - Stored Cross-Site Scripting (XSS) vulnerability 2019-06-16
Download Manager WordPress Download Manager plugin <= 2.9.96 - Multiple vulnerabilities 2019-06-16
WP Google Maps WordPress WP Google Maps plugin <= 7.11.27 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-16
WP Statistics WordPress WP Statistics plugin <= 12.6.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-06-12
User Submitted Posts WordPress User Submitted Posts plugin <= 20190426 - Arbitrary File Upload vulnerability 2019-06-11
Crelly Slider WordPress Crelly Slider plugin <= 1.3.4 - Arbitrary File Upload vulnerability 2019-06-11
Paid Memberships Pro WordPress Paid Memberships Pro plugin <= 2.0.5 - Authenticated Open Redirect vulnerability 2019-06-11
Hustle WordPress Hustle – Pop-Ups, Slide-ins and Email Opt-ins plugin <= 6.0.7 - Unauthenticated CSV Injection vulnerability 2019-06-11
ConvertPlus WordPress ConvertPlus plugin <= 3.4.2 - Unauthenticated Arbitrary User Role Creation vulnerability 2019-06-11
JobCareer WordPress JobCareer theme - 2.5 - Stored Cross-Site Scripting (XSS) vulnerability 2019-06-11
Traveler WordPress Traveler - Travel Booking Theme <=2.7.1 - Reflected & Stored Cross-Site Scripting XSS vulnerability 2019-06-11
Slick Popup WordPress Slick Popup plugin <= 1.7.1 - Privilege Escalation vulnerability 2019-06-11
WP Database Backup WordPress WP Database Backup plugin <= 5.1.2 - Unauthenticated OS Command Injection vulnerability 2019-05-29
Simple File List WordPress Simple File List plugin <= 3.2.4 - Unauthenticated Arbitrary File Download vulnerability 2019-05-27
Simple File List WordPress Simple File List plugin <= 3.2.4 - Authenticated Arbitrary File Delete vulnerability 2019-05-27
Hostel WordPress Hostel plugin <= 1.1.3 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-05-27
Event Management Tickets Booking WordPress Event Management Tickets Booking plugin <= 1.0.5 - Stored Cross-Site Scripting (XSS) vulnerability 2019-05-27