WordPress Plugin Vulnerabilities Please use the search to find what you're looking for Product Title Disclosure Date BuddyPress WordPress BuddyPress plugin <= 6.3.0 - Excessive user capabilities in possible rich text fields vulnerability 2020-11-29 AccessPress Social Icons WordPress Accesspress Social Icons plugin <= 1.8.0 - Authenticated SQL Injection (SQLi) vulnerability 2020-11-28 WP Google Map Plugin WordPress WP Google Map Plugin <= 4.1.3 - Authenticated SQL Injection (SQLi) vulnerability 2020-11-25 Events Manager WordPress Events Manager plugin <= 5.9.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-11-25 WPJobBoard WordPress WPJobBoard plugin <= 5.6.4 - Unauthenticated SQL Injection (SQLi) vulnerability 2020-11-25 WPJobBoard WordPress WPJobBoard plugin <= 5.6.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) / Cross-Frame Scripting (XFS) vulnerabilities 2020-11-25 Elementor Website Builder WordPress Elementor Website Builder plugin <= 3.0.13 - Unrestricted SVG Uploads vulnerability 2020-11-25 Media Library Assistant WordPress Media Library Assistant plugin <= 2.84 - Authenticated Blind SQL Injection (SQLi) vulnerability 2020-11-24 Secure File Manager WordPress Secure File Manager plugin <= 2.5 - Authenticated Remote Command Execution (RCE) vulnerability 2020-11-23 WooCommerce Anti-Fraud WordPress WooCommerce Anti-Fraud premium plugin <= 3.2 - Unauthenticated order status manipulation 2020-11-22 Spam protection, AntiSpam, FireWall by CleanTalk WordPress Anti-Spam by CleanTalk plugin <= 5.148 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities 2020-11-20 weForms WordPress weForms plugin <= 1.4.7 - CSV Injection vulnerability 2020-11-20 Easy Registration Forms WordPress Easy Registration Forms plugin <= 2.0.6 - CSV Injection vulnerability 2020-11-20 Import and export users and customers WordPress Import and export users and customers plugin <= 1.16.3.5 - CSV Injection vulnerability 2020-11-20 Contextual Related Posts WordPress Contextual Related Posts plugin <= 2.9.3 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability 2020-11-19 Fancy Product Designer WordPress Fancy Product Designer plugin <= 4.5.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2020-11-18 WP Activity Log WordPress WP Activity Log plugin <= 4.1.4 - SQL Injection (SQLi) in External Database Module vulnerability 2020-11-14 AIT CSV Import / Export WordPress AIT CSV Import / Export plugin <= 3.0.3 - Unauthenticated Arbitrary File Upload vulnerability 2020-11-13 BA Book Everything WordPress BA Book Everything plugin <= 1.3.24 - Unauthenticated Reflected Cross-Site Scripting (XSS) and Cross-Frame Scripting (XFS) vulnerabilities 2020-11-12 Ultimate Reviews WordPress Ultimate Reviews plugin <= 2.1.32 - Insecure Deserialization vulnerability leading to unauthenticated PHP object injection 2020-11-10 2 3 4 5 6 ... 173 174 175