ThreatPress

WordPress Vulnerabilities Database

WordPress Plugins Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WP Cost Estimation & Payment Forms Builder WordPress WP Cost Estimation plugin < 9.644 - Arbitrary File Upload and Delete vulnerability 2019-02-14
WP Cost Estimation & Payment Forms Builder WordPress WP Cost Estimation plugin < 9.660 - Upload Directory Traversal vulnerability 2019-02-14
Simple Social Media Share Buttons WordPress Simple Social Media Share Buttons plugin 2.0.4-2.0.21 - Authenticated Option Injection vulnerability 2019-02-12
Parallax Scroll WordPress Parallax Scroll plugin <= 2.0.1 - Cross-Site Scripting (XSS) vulnerability 2019-02-06
Forminator WordPress Forminator plugin <= 1.5.4 - Unauthenticated Persistent Cross-Site Scripting (XSS) vulnerability 2019-02-06
Forminator WordPress Forminator plugin <= 1.5.4 - Authenticated Blind SQL Injection (SQLi) vulnerability 2019-02-06
Yet Another Stars Rating WordPress Yet Another Stars Rating plugin <= 1.8.6 - PHP Object Injection vulnerability 2019-01-28
Health Check & Troubleshooting WordPress Health Check & Troubleshooting plugin <= 1.2.3 - Authenticated Path Traversal vulnerability 2019-01-28
Health Check & Troubleshooting WordPress Health Check & Troubleshooting plugin <= 1.2.3 - Authenticated Lack of Authorisation (privilege escalation) vulnerability 2019-01-28
Wise Chat WordPress Wise Chat plugin <= 2.6.3 - Reverse Tabnabbing vulnerability 2019-01-25
Social Network Tabs WordPress Social Network Tabs premium plugin <=1.7.1 - Social Media API Key Leakage vulnerability 2019-01-17
Easy Redirect Manager WordPress Easy Redirect Manager plugin 2.18.18 - Cross-Site Scripting (XSS) vulnerability 2019-01-15
Spam Byebye WordPress spam-byebye plugin <= 2.2.1 - Cross-Site Scripting (XSS) vulnerability 2019-01-14
User Registration WordPress User Registration plugin <= 1.5.5 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-01-14
MapSVG Lite WordPress MapSVG Lite plugin <= 3.2.3 - Cross-Site Request Forgery (CSRF) vulnerability 2019-01-08
JSmol2WP WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability 2019-01-08
JSmol2WP WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2019-01-08
Baggage Freight Shipping Australia WordPress Baggage Freight Shipping Australia plugin 0.1.0 - Unauthenticated Arbitrary File Upload vulnerability 2019-01-08
Google XML Sitemaps WordPress Google XML Sitemaps plugin <= 4.0.9 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-01-08
WP AutoSuggest WordPress WP AutoSuggest plugin 0.24 - Unauthenticated SQL Injection (SQLi) vulnerability 2019-01-08