ThreatPress

WordPress Vulnerabilities Database

WordPress Plugins Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Two Factor Authentication WordPress Two Factor Authentication plugin <= 1.3.12 - Cross-Site Request Forgery (CSRF) vulnerability 2019-01-08
WooCommerce WordPress WooCommerce plugin <= 3.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-01-07
WP Job Manager WordPress WP Job Manager plugin <= 1.31.2 - Phar Deserialization vulnerability 2019-01-07
Adicon Server WordPress Adicon Server plugin <= 1.2 - SQL Injection (SQLi) vulnerability 2019-01-07
Audio Record WordPress Audio Record plugin 1.0 - Arbitrary File Upload vulnerability 2019-01-07
Import users from CSV with meta WordPress Import users from CSV with meta plugin <= 1.12 - Cross-Site Scripting (XSS) vulnerability 2018-12-13
Jetpack WordPress Jetpack plugin <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-12
WooCommerce WordPress WooCommerce plugin <= 3.4.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-11
Contact Form by WPForms WordPress Contact Form by WPForms plugin <= 1.4.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-12-10
Advanced Custom Fields WordPress Advanced Custom Fields plugin <= 5.7.7 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-12-10
Smush Image Compression and Optimization WordPress Smush Image Compression and Optimization plugin <= 2.9.1 - Authenticated XSS & Phar Deserialization vulnerabilities 2018-12-10
Google Analytics by Monster Insights WordPress Google Analytics by Monster Insights plugin <= 7.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07
WP Mail SMTP by WPForms WordPress WP Mail SMTP by WPForms plugin <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07
Social Sharing Plugin – Kiwi WordPress Social Sharing Plugin – Kiwi plugin <= 2.0.10 - Update Any Option (bypass) vulnerability 2018-12-07
PropertyHive WordPress PropertyHive plugin <= 1.4.25 - Unvalidated Input to do_action() 2018-12-07
Contact Form by WPForms WordPress Contact Form by WPForms plugin <= 1.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07
Redirection WordPress Redirection plugin <= 3.6.2 - Cross-Site Request Forgery (CSRF) vulnerability 2018-12-06
Arigato Autoresponder and Newsletter WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated Blind SQL Injection (SQLi) vulnerability 2018-12-04
Arigato Autoresponder and Newsletter WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated reflected Cross-Site Scripting (XSS) vulnerability 2018-12-04
Ninja Forms WordPress Ninja Forms plugin <= 3.3.19 - Authenticated Open Redirect vulnerability 2018-12-04