WordPress Plugins Vulnerabilities Please use the search to find what you're looking for Product Title Disclosure Date Spam Byebye WordPress spam-byebye plugin <= 2.2.1 - Cross-Site Scripting (XSS) vulnerability 2019-01-14 User Registration WordPress User Registration plugin <= 1.5.5 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-01-14 MapSVG Lite WordPress MapSVG Lite plugin <= 3.2.3 - Cross-Site Request Forgery (CSRF) vulnerability 2019-01-08 JSmol2WP WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability 2019-01-08 JSmol2WP WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2019-01-08 Baggage Freight Shipping Australia WordPress Baggage Freight Shipping Australia plugin 0.1.0 - Unauthenticated Arbitrary File Upload vulnerability 2019-01-08 Google XML Sitemaps WordPress Google XML Sitemaps plugin <= 4.0.9 - Authenticated Cross-Site Scripting (XSS) vulnerability 2019-01-08 WP AutoSuggest WordPress WP AutoSuggest plugin 0.24 - Unauthenticated SQL Injection (SQLi) vulnerability 2019-01-08 Two Factor Authentication WordPress Two Factor Authentication plugin <= 1.3.12 - Cross-Site Request Forgery (CSRF) vulnerability 2019-01-08 WooCommerce WordPress WooCommerce plugin <= 3.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2019-01-07 WP Job Manager WordPress WP Job Manager plugin <= 1.31.2 - Phar Deserialization vulnerability 2019-01-07 Adicon Server WordPress Adicon Server plugin <= 1.2 - SQL Injection (SQLi) vulnerability 2019-01-07 Audio Record WordPress Audio Record plugin 1.0 - Arbitrary File Upload vulnerability 2019-01-07 Import users from CSV with meta WordPress Import users from CSV with meta plugin <= 1.12 - Cross-Site Scripting (XSS) vulnerability 2018-12-13 Jetpack WordPress Jetpack plugin <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-12 WooCommerce WordPress WooCommerce plugin <= 3.4.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-11 Contact Form by WPForms WordPress Contact Form by WPForms plugin <= 1.4.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-12-10 Advanced Custom Fields WordPress Advanced Custom Fields plugin <= 5.7.7 - Authenticated Cross-Site Scripting (XSS) vulnerability 2018-12-10 Smush Image Compression and Optimization WordPress Smush Image Compression and Optimization plugin <= 2.9.1 - Authenticated XSS & Phar Deserialization vulnerabilities 2018-12-10 Google Analytics by Monster Insights WordPress Google Analytics by Monster Insights plugin <= 7.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07 2 3 4 5 6 ... 146 147 148