ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WP Stats Dashboard WordPress WP Stats Dashboard <= 2.9.4 - Blind SQL Injection 2015-11-24
WP Support Plus Responsive Ticket System WordPress WP Support Plus Responsive Ticket System plugin <=9.0.2 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities 2018-03-15
WP Ultimate Exporter WordPress WP Ultimate Exporter Plugin <= 1.1 - SQL Injection 2016-02-25
WP-Testimonials WordPress WP-Testimonials plugin <=3.4.1 - SQL Injection vulnerability 2017-06-03
WP Data Tables WordPress WPDataTables Plugin 1.5.3 - SQL Injection 2014-11-24
wpForo Forum WordPress wpForo Forum plugin <= 1.4.9 - Unauthenticated SQL Injection (SQLi) vulnerability 2018-06-20
wpForo Forum WordPress wpForo Forum plugin <=1.4.9 - Unauthenticated SQL Injection (SQLi) vulnerability 2018-05-30
WPHRM WordPress WPHRM plugin <= 1.0 - Authenticated SQL Injection 2017-10-11
WPML - WordPress Multilingual WordPress WPML Plugin <= 3.1.8 - SQL Injection #1 2015-03-30
WPML - WordPress Multilingual WordPress WPML Plugin <= 3.1.8 - SQL Injection #2 2015-03-17
wpSS WordPress wpSS Plugin - SQL Injection 2014-08-06
WPtouch WordPress WPtouch Plugin - SQL Injection Vulnerability 2011-10-27
WPtouch WordPress WPtouch Plugin <= 1.9.8 - SQL Injection 2014-08-01
WTI Like Post WordPress WTI Like Post Plugin <= 1.4.2 - Blind SQL Injection 2015-07-05
Wysija Newsletters WordPress Wysija Newsletters Plugin - Multiple SQL Injection Vulnerabilities 2013-02-06
Xtreme Locator WordPress Xtreme Locator Plugin <= 1.5 - SQL Injection 2016-12-14
YAWPP WordPress YAWPP Plugin <= 1.2 - Multiple SQL Injection 2014-08-06
Yet Another Stars Rating WordPress Yet Another Stars Rating Plugin <= 0.9.0 - Blind SQL Injection 2015-07-06
YITH WooCommerce Wishlist WordPress YITH WooCommerce Wishlist plugin <=2.1.2 - Authenticated SQL Injection (SQLi) vulnerability 2018-01-17
Yolink Search WordPress yolink Search Plugin <= 1.1.4 - SQL Injection 2011-08-30