ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Gallery PhotoBlocks WordPress Gallery Photoblocks plugin <= 1.1.40 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-07-05
Zoner - Real Estate WordPress Zoner - Real Estate premium theme <= 4.1 - Reflected & Stored Cross-Site Scripting (XSS) vulnerability 2019-07-05
MyBookTable Bookstore WordPress MyBookTable plugin <= 3.2.2 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2019-07-05
Ocean Extra WordPress Ocean Extra plugin <= 1.5.8 - Unauthenticated Settings change vulnerability 2019-07-04
Ocean Extra WordPress Ocean Extra plugin <= 1.5.8 - Unauthenticated CSS injection vulnerability 2019-07-04
Essential Real Estate WordPress Essential Real Estate plugin <= 1.7.1 - Cross-Site Scripting (XSS) vulnerability 2019-07-04
Visitors Traffic Real Time Statistics WordPress Visitors Traffic Real Time Statistics plugin <= 1.12 - Cross-Site Request Forgery (CSRF) leading to Stored XSS/SQLi vulnerabilities 2019-07-04
WP Statistics WordPress WP Statistics plugin <= 12.6.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-07-04
Simple Mail Address Encoder WordPress Simple Mail Address Encoder plugin <= 1.6.1 - Reflected Authenticated Cross-Site Scripting (XSS) vulnerability 2019-07-04
Widget Logic WordPress Widget Logic plugin <= 5.9.0 - Cross-Site Request Forgery (CSRF) vulnerability 2019-07-02
360 Product Rotation WordPress 360 Product Rotation plugin <= 1.4.7 - Reflected Cross-Site Scripting (XSS) vulnerability 2019-07-02
Watu Quiz WordPress Watu Quiz plugin <= 3.1.2.5 - Reflected Cross-Site Scripting (XSS) vulnerability 2019-07-02
Widget Logic WordPress Widget Logic plugin <= 5.10.2 - Cross-Site Request Forgery (CSRF) vulnerability 2019-07-02
Insert or Embed Articulate Content into WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.2998 - Authenticated Remote Code Execution (RCE) vulnerability 2019-07-02
Insert or Embed Articulate Content into WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.2999 - Authenticated Arbitrary Folder Deletion and Rename 2019-07-02
Live Chat Unlimited WordPress Live Chat Unlimited premium plugin <= 2.8.3 - Stored Cross-Site Scripting (XSS) vulnerability 2019-07-02
SAML SP Single Sign On WordPress SAML SP Single Sign On plugin <= 4.8.72 - Cross-Site Scripting (XSS) vulnerability 2019-06-27
WP Better Permalinks WordPress WP Better Permalinks plugin <= 3.0.4 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-27
ACF: Better Search WordPress ACF Better Search plugin <= 3.3.0 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-27
WebP Converter for Media WordPress WebP Converter for Media plugin <= 1.0.2 - Cross-Site Request Forgery (CSRF) vulnerability 2019-06-27