ThreatPress

WordPress Vulnerability Database

WordPress Plugin Vulnerabilities

| Product | Title | Disclosure Date |
| --- | --- | --- |
| BuddyPress | WordPress BuddyPress plugin <= 6.3.0 - Excessive user capabilities in possible rich text fields vulnerability | 2020-11-29 |
| AccessPress Social Icons | WordPress Accesspress Social Icons plugin <= 1.8.0 - Authenticated SQL Injection (SQLi) vulnerability | 2020-11-28 |
| WP Google Map Plugin | WordPress WP Google Map Plugin <= 4.1.3 - Authenticated SQL Injection (SQLi) vulnerability | 2020-11-25 |
| Events Manager | WordPress Events Manager plugin <= 5.9.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | 2020-11-25 |
| WPJobBoard | WordPress WPJobBoard plugin <= 5.6.4 - Unauthenticated SQL Injection (SQLi) vulnerability | 2020-11-25 |
| WPJobBoard | WordPress WPJobBoard plugin <= 5.6.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) / Cross-Frame Scripting (XFS) vulnerabilities | 2020-11-25 |
| Elementor Website Builder | WordPress Elementor Website Builder plugin <= 3.0.13 - Unrestricted SVG Uploads vulnerability | 2020-11-25 |
| Media Library Assistant | WordPress Media Library Assistant plugin <= 2.84 - Authenticated Blind SQL Injection (SQLi) vulnerability | 2020-11-24 |
| Secure File Manager | WordPress Secure File Manager plugin <= 2.5 - Authenticated Remote Command Execution (RCE) vulnerability | 2020-11-23 |
| WooCommerce Anti-Fraud | WordPress WooCommerce Anti-Fraud premium plugin <= 3.2 - Unauthenticated order status manipulation | 2020-11-22 |
| Spam protection, AntiSpam, FireWall by CleanTalk | WordPress Anti-Spam by CleanTalk plugin <= 5.148 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities | 2020-11-20 |
| weForms | WordPress weForms plugin <= 1.4.7 - CSV Injection vulnerability | 2020-11-20 |
| Easy Registration Forms | WordPress Easy Registration Forms plugin <= 2.0.6 - CSV Injection vulnerability | 2020-11-20 |
| Import and export users and customers | WordPress Import and export users and customers plugin <= 1.16.3.5 - CSV Injection vulnerability | 2020-11-20 |
| Contextual Related Posts | WordPress Contextual Related Posts plugin <= 2.9.3 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability | 2020-11-19 |
| Fancy Product Designer | WordPress Fancy Product Designer plugin <= 4.5.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability | 2020-11-18 |
| WP Activity Log | WordPress WP Activity Log plugin <= 4.1.4 - SQL Injection (SQLi) in External Database Module vulnerability | 2020-11-14 |
| AIT CSV Import / Export | WordPress AIT CSV Import / Export plugin <= 3.0.3 - Unauthenticated Arbitrary File Upload vulnerability | 2020-11-13 |
| BA Book Everything | WordPress BA Book Everything plugin <= 1.3.24 - Unauthenticated Reflected Cross-Site Scripting (XSS) and Cross-Frame Scripting (XFS) vulnerabilities | 2020-11-12 |
| Ultimate Reviews | WordPress Ultimate Reviews plugin <= 2.1.32 - Insecure Deserialization vulnerability leading to unauthenticated PHP object injection | 2020-11-10 |