ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Userpro WordPress UserPro premium plugin <= 4.9.23 - Cross-Site Scripting (XSS) vulnerability 2018-09-09
File Manager WordPress File Manager plugin <= 2.9 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-09-09
Duplicator WordPress Duplicator plugin <= 1.2.40 - Arbitrary Code Execution vulnerability 2018-09-05
Image Intense Plugin WordPress Image Intense premium plugin <= 3.2.5 - Authenticated SQL Injection (SQLi) vulnerability 2018-09-05
Jibu Pro WordPress Jibu Pro plugin <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-09-01
WooCommerce WordPress WooCommerce plugin <= 3.4.4 - Potential Object Injection vulnerability 2018-09-01
Export Users to CSV WordPress Export Users to CSV plugin <= 1.1.1 - CSV Injection vulnerability 2018-09-01
Ajax BootModal Login WordPress Ajax BootModal Login plugin <= 1.4.3 - CAPTCHA reuse vulnerability 2018-09-01
Gift Vouchers WordPress Gift Voucher plugin <=1.0.5 - Authenticated Blind SQL Injection (SQLi) vulnerability 2018-09-01
Ultimate Member WordPress Ultimate Member plugin <= 2.0.21 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-08-28
Chained Quiz WordPress Chained Quiz plugin <= 1.0.8 - Unauthenticated SQL Injection (SQLi) vulnerability 2018-08-28
Supreme Directory WordPress Supreme Directory theme <= 1.1.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-08-28
Plainview Activity Monitor WordPress Plainview Activity Monitor plugin <= 20161228 - Remote Command Execution (RCE) vulnerability 2018-08-28
Ninja Forms WordPress Ninja Forms plugin <= 3.3.13 - CSV Injection vulnerability 2018-08-28
Ninja Forms WordPress Ninja Forms plugin <= 3.3.13 - Cross-Site Scripting (XSS) vulnerability 2018-08-28
Ultimate Member WordPress Ultimate Member plugin <= 2.0.21 - Unauthenticated Arbitrary File Upload vulnerability 2018-08-09
Gwolle Guestbook WordPress Gwolle Guestbook plugin <= 2.5.3 - Cross-Site Scripting (XSS) vulnerability 2018-08-09
Strong Testimonials WordPress Strong Testimonials plugin <= 2.31.4 - Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities 2018-08-09
Snazzy Maps WordPress Snazzy Maps plugin <= 1.1.3 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2018-08-09
Multi Step Form WordPress Multi Step Form plugin <= 1.2.5 - Multiple Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerabilities 2018-08-09