ThreatPress

WordPress Vulnerability Database

WordPress Plugin Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Doneren met Mollie WordPress Doneren met Mollie plugin <= 2.8.4 - Authenticated Information Disclosure vulnerability 2021-01-22
Contact Form 7 Database Addon – CFDB7 WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.3 - Insufficient Input Sanitization Leading To Authenticated SQL Injection (SQLi) vulnerability 2021-01-21
Digital Climate Strike WP WordPress Digital Climate Strike WP plugin <= 1.0.0 - Redirect to malicious websites 2021-01-20
Under Construction WordPress Under Construction plugin <= 3.85 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-20
123ContactForm WordPress 123ContactForm plugin <= 1.5.6 - Validation Bypass via Plugin Verification vulnerability 2021-01-19
123ContactForm WordPress 123ContactForm plugin <= 1.5.6 - Arbitrary Post Creation vulnerability 2021-01-19
123ContactForm WordPress 123ContactForm plugin <= 1.5.6 - Arbitrary File Upload vulnerability 2021-01-19
301 Redirects WordPress 301 Redirects – Easy Redirect Manager plugin <= 2.50 - Authenticated SQL Injection (SQLi) vulnerability 2021-01-18
Stockdio Historical Chart WordPress Stockdio Historical Chart plugin <= 2.7.2 - Cross-Site Scripting (XSS) vulnerability 2021-01-16
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-15
Simple Job Board WordPress Simple Job Board plugin <= 2.9.3 - Authenticated Directory Traversal vulnerability 2021-01-15
WP E-Signature WordPress WP E-Signature premium plugin <= 1.5.6.5 - Unauthenticated Remote Code Execution (RCE) vulnerability 2021-01-13
Orbit Fox by ThemeIsle WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Privilege Escalation vulnerability 2021-01-12
Orbit Fox by ThemeIsle WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-12
Elementor Contact Form DB WordPress Elementor Contact Form DB plugin <= 1.5 - Cross-Site Request Forgery (CSRF) via backend admin pages vulnerability 2021-01-12
WP Quick FrontEnd Editor WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Settings Change and Stored Cross-Site Scripting (XSS) vulnerability 2021-01-12
WP Quick FrontEnd Editor WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Content Injection vulnerability 2021-01-12
Custom Global Variables WordPress Custom Global Variables plugin <= 1.0.5 - Stored Cross-Site Scripting (XSS) vulnerability 2021-01-11
WP24 Domain Check WordPress WP24 Domain Check plugin <= 1.6.2 - Stored Cross-Site Scripting (XSS) vulnerability 2021-01-11
Modal Survey WordPress Modal Survey premium plugin <= 2.0.1.8 - Multiple vulnerabilities 2021-01-08