ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WordPress WordPress 2.0 - 2.7.1 - Module Configuration Security Bypass Vulnerability 2009-11-10
WP Cumulus WordPress WP-Cumulus Plugin 1.x - Cross-Site Scripting Vulnerability 2009-11-09
WordPress WordPress <= 2.8.5 - XSS 2009-11-05
JD WordPress JD-WordPress 2.0 RC2 - Remote file inclusion 2009-10-19
WP Forum Server WordPress WP Forum Server Plugin <= 2.3 - Multiple SQL Injection 2009-10-15
WordPress WordPress <= 2.8.4 - Algorithmic complexity 2009-10-09
Peter's Math Anti-Spam WordPress Peter's Math Anti-Spam Plugin - BYPASS 2009-09-11
NextGEN Gallery WordPress NextGEN Gallery Plugin <= 0.96 - XSS 2009-09-07
WP Syntax WordPress WP-Syntax Plugin <= 0.9.1 - Remote Command Execution 2009-08-27
Simple:Press WordPress Simple Forum Plugin - SQL Injection 2009-08-23
WordPress WordPress <= 2.8.2 - Multiple Vulnerabilities #2 2009-08-18
WordPress WordPress <= 2.8.2 - Multiple Vulnerabilities #1 2009-08-18
WordPress WordPress <= 2.8.2 - BYPASS 2009-08-13
WordPress WordPress 2.8.1 - Remote Cross-Site Scripting Vulnerability 2009-07-24
My Category Order WordPress My Category Order Plugin <= 2.8 - SQL Injection Vulnerability 2009-07-15
WordPress WordPress - Privileges Unchecked in admin.php and Multiple Information 2009-07-10
WordPress WordPress <= 2.8.0 - Multiple vulnerabilities 2009-07-10
WordPress WordPress <= 2.7.1 - Information Disclosure 2009-07-10
WordPress WordPress <= 2.8.0 - Multiple Existing/Non-Existing Username Enumeration Weaknesses 2009-07-05
Related Sites WordPress Related Sites Plugin 2.1 - Blind SQL Injection Vulnerability 2009-06-30