WordPress Plugins Vulnerabilities Please use the search to find what you're looking for Product Title Disclosure Date Import users from CSV with meta WordPress Import users from CSV with meta plugin <= 1.12 - Cross-Site Scripting (XSS) vulnerability 2018-12-13 Jetpack WordPress Jetpack plugin <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-12 WooCommerce WordPress WooCommerce plugin <= 3.4.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-11 Contact Form by WPForms WordPress Contact Form by WPForms plugin <= 1.4.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-12-10 Advanced Custom Fields WordPress Advanced Custom Fields plugin <= 5.7.7 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-12-10 Smush Image Compression and Optimization WordPress Smush Image Compression and Optimization plugin <= 2.9.1 - Authenticated XSS & Phar Deserialization vulnerabilities 2018-12-10 Google Analytics by Monster Insights WordPress Google Analytics by Monster Insights plugin <= 7.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07 WP Mail SMTP by WPForms WordPress WP Mail SMTP by WPForms plugin <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07 Social Sharing Plugin – Kiwi WordPress Social Sharing Plugin – Kiwi plugin <= 2.0.10 - Update Any Option (bypass) vulnerability 2018-12-07 PropertyHive WordPress PropertyHive plugin <= 1.4.25 - Unvalidated Input to do_action() 2018-12-07 Contact Form by WPForms WordPress Contact Form by WPForms plugin <= 1.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07 Redirection WordPress Redirection plugin <= 3.6.2 - Cross-Site Request Forgery (CSRF) vulnerability 2018-12-06 Arigato Autoresponder and Newsletter WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated Blind SQL Injection (SQLi) vulnerability 2018-12-04 Arigato Autoresponder and Newsletter WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated reflected Cross-Site Scripting (XSS) vulnerability 2018-12-04 Ninja Forms WordPress Ninja Forms plugin <= 3.3.19 - Authenticated Open Redirect vulnerability 2018-12-04 Ultimate Member WordPress Ultimate Member plugin <= 2.0.32 - Cross-Site Request Forgery (CSRF) vulnerability 2018-11-27 WP-DBManager WordPress WP-DBManager plugin <= 2.79.1 - Arbitrary File Deletion vulnerability 2018-11-27 Yoast SEO WordPress Yoast SEO plugin <= 9.1.0 - Authenticated Command Execution vulnerability 2018-11-20 Ninja Forms WordPress Ninja Forms plugin <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-11-15 Better WordPress reCAPTCHA WordPress Better WordPress reCAPTCHA plugin <= 2.0.3 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-11-13 1 2 3 4 5 ... 143 144 145