ThreatPress

WordPress Vulnerabilities Database

WordPress Plugins Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Simple File List WordPress Simple File List plugin <= 3.2.4 - Unauthenticated Arbitrary File Download vulnerability 2019-05-27
Simple File List WordPress Simple File List plugin <= 3.2.4 - Authenticated Arbitrary File Delete vulnerability 2019-05-27
Hostel WordPress Hostel plugin <= 1.1.3 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-05-27
Event Management Tickets Booking WordPress Event Management Tickets Booking plugin <= 1.0.5 - Stored Cross-Site Scripting (XSS) vulnerability 2019-05-27
Virim WordPress Virim plugin <= 0.4 - Unauthenticated Object Injection vulnerability 2019-05-27
Form Maker WordPress Form Maker by 10Web plugin <= 1.13.2 - Authenticated SQL Injection (SQLi) vulnerability 2019-05-25
WP Slimstat WordPress Slimstat plugin <= 4.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-05-22
WP Booking System WordPress WP Booking System <= 1.5.1.1 - CSRF vulnerability to Authenticated SQL Injection vulnerability 2019-05-22
Live Chat with Facebook Messenger WordPress Live Chat with Facebook Messenger plugin <= 1.4.6 - Stored Cross-Site Scripting (XSS) vulnerability 2019-05-22
WPGraphQL WordPress WPGraphQL plugin <= 0.2.3 - Multiple Vulnerabilities 2019-05-22
Newsletter Manager WordPress Newsletter Manager plugin <= 1.4 - Unauthenticated Open Redirect vulnerability 2019-05-21
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.3.14.727 - CSV Export vulnerability 2019-05-21
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.3.14.727 - SQL Injection (SQLi) vulnerability 2019-05-21
FV Flowplayer Video Player WordPress FV Flowplayer Video Player plugin <= 7.3.13.727 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-05-21
WP Live Chat Support WordPress WP Live Chat Support plugin <= 8.0.26 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-05-21
Register IPs WordPress Register IPs plugin <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-05-16
Ultimate Member WordPress Ultimate Member plugin <= 2.0.45 - Multiple vulnerabilities 2019-05-16
W3 Total Cache WordPress W3 Total Cache plugin <= 0.9.7.3 - Cross-Site Scripting (XSS) vulnerability 2019-05-07
All-in-One Event Calendar WordPress All-in-One Event Calendar plugin <= 2.5.38 - Cross-Site Scripting (XSS) vulnerability 2019-05-06
My Calendar WordPress My Calendar plugin <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2019-05-06