ThreatPress

WordPress Vulnerabilities Database

WordPress Plugins Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Contact Form Clean and Simple WordPress Contact Form Clean and Simple plugin <= 4.7.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-01-22
Ultimate Member WordPress Ultimate Member plugin <= 2.1.2 - Insecure Direct Object Reference (IDOR) vulnerability 2020-01-22
Ultimate Auction WordPress Ultimate Auction plugin <= 4.0.5 - Multiple CSRF & XSS vulnerabilities 2020-01-09
InfiniteWP Client WordPress InfiniteWP Client plugin <= 1.9.4.4 - Authentication Bypass vulnerability 2020-01-08
Minimal Coming Soon & Maintenance Mode – Coming Soon Page WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.10 - CSRF to Stored XSS and Setting Changes vulnerability 2020-01-08
Backup and Staging by WP Time Capsule WordPress Backup and Staging by WP Time Capsule plugin <= 1.21.15 - Authentication Bypass vulnerability 2020-01-08
Ultimate FAQ WordPress Ultimate FAQ plugin <= 1.8.29 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2020-01-07
Postie WordPress Postie plugin <= 1.9.40 - Stored Cross-Site Scripting (XSS) and post submission spoofing vulnerabilities 2020-01-06
Import users from CSV with meta WordPress Import Users From CSV with Meta plugin 1.15 - Unauthorised Authenticated Users Export vulnerability 2020-01-06
Divi Builder WordPress Divi Builder plugin <= 4.0.9 - Authenticated Code Injection vulnerability 2020-01-05
WooCommerce Conversion Tracking WordPress WooCommerce Conversion Tracking plugin <=2.0.4 - Cross-Site Request Forgery (CSRF) to XSS vulnerability 2020-01-05
Photo Gallery – Image Gallery by Ape WordPress Photo Gallery – Image Gallery by Ape plugin <= 2.0.6 - Authenticated Arbitrary plugin deactivation 2020-01-02
Donorbox WordPress Donorbox plugin 7.1-7.1.1 - Stored Cross-Site Scripting (XSS) via plugin shortcode 2020-01-02
GDPR Cookie Compliance WordPress GDPR Cookie Compliance plugin <= 4.0.2 - Authenticated Settings Reset vulnerability 2019-12-27
bbPress Login Register Links On Forum Topic Pages WordPress bbPress Login Register Links On Forum Topic Pages plugin <= 2.7.5 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) vulnerability 2019-12-27
bbPress Members Only WordPress bbPress Members Only plugin <= 1.2.1 - Cross-Site Request Forgery (CSRF) vulnerability 2019-12-27
Featured Image from URL WordPress Featured Image from URL plugin <= 2.7.7 - Missing Access Controls on REST routes vulnerability 2019-12-27
Rencontre – Dating Site WordPress Rencontre – Dating Site plugin <= 3.2.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities 2019-12-27
301 Redirects WordPress 301 Redirects plugin <= 2.40 - Authenticated Arbitrary Redirect Injection, XSS, and CSRF vulnerabilities 2019-12-20
Quiz And Survey Master WordPress Quiz And Survey Master plugin <= 6.3.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2019-12-15