ThreatPress

WordPress Vulnerabilities Database

WordPress Plugins Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Export Users to CSV WordPress Export Users to CSV plugin <= 1.4.2 - CSV Injection vulnerability 2020-02-26
Duplicator WordPress Duplicator plugin <= 1.3.26 - Unauthenticated Arbitrary File Download vulnerability 2020-02-20
GDPR Cookie Consent WordPress GDPR Cookie Consent plugin <= 1.8.2 - Improper Access Controls vulnerability 2020-02-12
Participants Database WordPress Participants Database plugin <= 1.9.5.5 - Authenticated Time Based SQL Injection (SQLi) vulnerability 2020-02-11
Profile Builder WordPress Profile Builder plugin <= 3.1.0 - User Registration With Administrator Role vulnerability 2020-02-10
Profile Builder Pro WordPress Profile Builder Pro plugin <= 3.1.0 - User Registration With Administrator Role vulnerability 2020-02-10
Events Manager Pro WordPress Events Manager Pro plugin <= 2.6.7.1 - CSV Injection vulnerability 2020-02-07
Events Manager WordPress Events Manager plugin <= 5.9.7.1 - CSV Injection vulnerability 2020-02-07
Ultimate Membership Pro Ultimate Membership Pro plugin <= 8.6 - Multiple Critical Vulnerabilities 2020-02-06
Elementor Page Builder WordPress Elementor Page Builder plugin <= 2.8.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2020-01-30
Elementor Page Builder WordPress Elementor Page Builder plugin <= 2.7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-01-29
Code Snippets WordPress Code Snippets plugin <= 2.13.3 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) vulnerability 2020-01-29
Flamingo WordPress Flamingo plugin <= 2.1 - CSV Injection vulnerability 2020-01-28
WPS Hide Login WordPress WPS Hide Login plugin <= 1.5.4.2 - Secret login page location disclosure vulnerability 2020-01-27
wpCentral WordPress wpCentral plugin <= 1.4.7 - Privilege escalation vulnerability 2020-01-24
WP DS FAQ Plus WordPress WP DS FAQ Plus plugin <= 1.4.1 - Stored Cross-Site Scripting (XSS) vulnerability 2020-01-24
Contact Form Clean and Simple WordPress Contact Form Clean and Simple plugin <= 4.7.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-01-22
Ultimate Member WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability 2020-01-22
Calculated Fields Form WordPress Calculated Fields Form plugin <= 1.0.353 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-01-22
AccessAlly WordPress AccessAlly plugin <= 3.3.1 - Arbitrary PHP Execution vulnerability 2020-01-21