ThreatPress

WordPress Vulnerabilities Database

WordPress Plugins Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
Image Intense Plugin WordPress Image Intense premium plugin <= 3.2.5 - Authenticated SQL Injection (SQLi) vulnerability 2018-09-05
Jibu Pro WordPress Jibu Pro plugin <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-09-01
WooCommerce WordPress WooCommerce plugin <= 3.4.4 - Potential Object Injection vulnerability 2018-09-01
Export Users to CSV WordPress Export Users to CSV plugin <= 1.1.1 - CSV Injection vulnerability 2018-09-01
Ajax BootModal Login WordPress Ajax BootModal Login plugin <= 1.4.3 - CAPTCHA reuse vulnerability 2018-09-01
Gift Vouchers WordPress Gift Voucher plugin <=1.0.5 - Authenticated Blind SQL Injection (SQLi) vulnerability 2018-09-01
Ultimate Member WordPress Ultimate Member plugin <= 2.0.21 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-08-28
Chained Quiz WordPress Chained Quiz plugin <= 1.0.8 - Unauthenticated SQL Injection (SQLi) vulnerability 2018-08-28
Plainview Activity Monitor WordPress Plainview Activity Monitor plugin <= 20161228 - Remote Command Execution (RCE) vulnerability 2018-08-28
Ninja Forms WordPress Ninja Forms plugin <= 3.3.13 - CSV Injection vulnerability 2018-08-28
Ninja Forms WordPress Ninja Forms plugin <= 3.3.13 - Cross-Site Scripting (XSS) vulnerability 2018-08-28
Ultimate Member WordPress Ultimate Member plugin <= 2.0.21 - Unauthenticated Arbitrary File Upload vulnerability 2018-08-09
Gwolle Guestbook WordPress Gwolle Guestbook plugin <= 2.5.3 - Cross-Site Scripting (XSS) vulnerability 2018-08-09
Strong Testimonials WordPress Strong Testimonials plugin <= 2.31.4 - Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities 2018-08-09
Snazzy Maps WordPress Snazzy Maps plugin <= 1.1.3 - Multiple Cross-Site Scripting (XSS) vulnerabilities 2018-08-09
Multi Step Form WordPress Multi Step Form plugin <= 1.2.5 - Multiple Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerabilities 2018-08-09
Geo Mashup WordPress Geo Mashup plugin <= 1.10.3 - Unspecified Cross-Site Scripting (XSS) vulnerability 2018-07-18
All In One Favicon WordPress All In One Favicon plugin <= 4.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities 2018-07-18
iThemes Security WordPress iThemes Security plugin <= 7.0.2 - Authenticated SQL Injection (SQLi) vulnerability 2018-06-25
WordPress Comments Import & Export WordPress Comments Import & Export plugin <= 2.0.4 - CSV Injection vulnerability 2018-06-22