ThreatPress

WordPress Vulnerability Database

WordPress Plugin Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Redux WordPress Redux plugin <= 4.1.20 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability 2020-12-15
Redux WordPress Redux Framework <= 4.1.23 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability 2020-12-15
Directories Pro WordPress Directories Pro premium plugin <= 1.3.45 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability 2020-12-14
Directories Pro WordPress Directories Pro premium plugin <= 1.3.45 - Authenticated Self-Reflected Cross-Site Scripting (XSS) vulnerability 2020-12-14
Popup Builder WordPress Popup Builder plugin <= 3.69.6 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities 2020-12-14
Ultimate Category Excluder WordPress Ultimate Category Excluder plugin <= 1.1 - Cross-Site Request Forgery (CSRF) vulnerability 2020-12-11
PageLayer WordPress PageLayer plugin <= 1.3.4 - Reflected Cross_site Scripting (XSS) vulnerability 2020-12-10
DiveBook WordPress DiveBook plugin <= 1.1.4 - Improper Authorisation Check vulnerability 2020-12-09
DiveBook WordPress DiveBook plugin <= 1.1.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability 2020-12-09
DiveBook WordPress DiveBook plugin <= 1.1.4 - Unauthenticated SQL Injection (SQLi) vulnerability 2020-12-09
Easy WP SMTP WordPress Easy WP SMTP plugin <= 1.4.2 - Unauthenticated Admin Password Reset 2020-12-07
Themify Portfolio Post WordPress Themify Portfolio Post plugin <= 1.1.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-12-04
Paid Memberships Pro WordPress Paid Memberships Pro plugin <= 2.5 - Authenticated Cross-Site Scripting (XSS) vulnerability 2020-12-03
Profile Builder Pro WordPress Profile Builder Pro premium plugin <= 3.3.2 - Authenticated Blind SQL Injection (SQLi) vulnerability 2020-12-02
Profile Builder WordPress Profile Builder plugin <= 3.3.2 - Authenticated Blind SQL Injection (SQLi) vulnerability 2020-12-02
eventON WordPress eventON premium plugin <= 3.0.5 - Cross-Site Scripting (XSS) vulnerability 2020-12-01
Canto WordPress Canto plugin <= 1.7.0 - Unauthenticated Blind Server-Side Request Forgery (SSRF) vulnerability 2020-12-01
Age Gate WordPress WordPress Age Gate plugin <= 2.13.4 - URL Redirection to Untrusted Site ('Open Redirect') vulnerability 2020-11-30
Events Manager WordPress Events Manager plugin <= 5.9.7.3 - Cross-Site Scripting (XSS) vulnerability 2020-11-30
Events Manager WordPress Events Manager plugin <= 5.9.7.3 - SQL Injection (SQLi) vulnerability 2020-11-30