WordPress Plugin Vulnerabilities Please use the search to find what you're looking for Product Title Disclosure Date Doneren met Mollie WordPress Doneren met Mollie plugin <= 2.8.4 - Authenticated Information Disclosure vulnerability 2021-01-22 Contact Form 7 Database Addon – CFDB7 WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.3 - Insufficient Input Sanitization Leading To Authenticated SQL Injection (SQLi) vulnerability 2021-01-21 Digital Climate Strike WP WordPress Digital Climate Strike WP plugin <= 1.0.0 - Redirect to malicious websites 2021-01-20 Under Construction WordPress Under Construction plugin <= 3.85 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-20 123ContactForm WordPress 123ContactForm plugin <= 1.5.6 - Validation Bypass via Plugin Verification vulnerability 2021-01-19 123ContactForm WordPress 123ContactForm plugin <= 1.5.6 - Arbitrary Post Creation vulnerability 2021-01-19 123ContactForm WordPress 123ContactForm plugin <= 1.5.6 - Arbitrary File Upload vulnerability 2021-01-19 301 Redirects WordPress 301 Redirects – Easy Redirect Manager plugin <= 2.50 - Authenticated SQL Injection (SQLi) vulnerability 2021-01-18 Stockdio Historical Chart WordPress Stockdio Historical Chart plugin <= 2.7.2 - Cross-Site Scripting (XSS) vulnerability 2021-01-16 FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-15 Simple Job Board WordPress Simple Job Board plugin <= 2.9.3 - Authenticated Directory Traversal vulnerability 2021-01-15 WP E-Signature WordPress WP E-Signature premium plugin <= 1.5.6.5 - Unauthenticated Remote Code Execution (RCE) vulnerability 2021-01-13 Orbit Fox by ThemeIsle WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Privilege Escalation vulnerability 2021-01-12 Orbit Fox by ThemeIsle WordPress Orbit Fox by ThemeIsle plugin <= 2.10.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2021-01-12 Elementor Contact Form DB WordPress Elementor Contact Form DB plugin <= 1.5 - Cross-Site Request Forgery (CSRF) via backend admin pages vulnerability 2021-01-12 WP Quick FrontEnd Editor WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Settings Change and Stored Cross-Site Scripting (XSS) vulnerability 2021-01-12 WP Quick FrontEnd Editor WordPress WP Quick FrontEnd Editor plugin <= 5.5 - Authenticated Content Injection vulnerability 2021-01-12 Custom Global Variables WordPress Custom Global Variables plugin <= 1.0.5 - Stored Cross-Site Scripting (XSS) vulnerability 2021-01-11 WP24 Domain Check WordPress WP24 Domain Check plugin <= 1.6.2 - Stored Cross-Site Scripting (XSS) vulnerability 2021-01-11 Modal Survey WordPress Modal Survey premium plugin <= 2.0.1.8 - Multiple vulnerabilities 2021-01-08 1 2 3 4 5 ... 173 174 175