ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WP Mail SMTP by WPForms WordPress WP Mail SMTP by WPForms plugin <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07
Social Sharing Plugin – Kiwi WordPress Social Sharing Plugin – Kiwi plugin <= 2.0.10 - Update Any Option (bypass) vulnerability 2018-12-07
PropertyHive WordPress PropertyHive plugin <= 1.4.25 - Unvalidated Input to do_action() 2018-12-07
Contact Form by WPForms WordPress Contact Form by WPForms plugin <= 1.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-12-07
Redirection WordPress Redirection plugin <= 3.6.2 - Cross-Site Request Forgery (CSRF) vulnerability 2018-12-06
Arigato Autoresponder and Newsletter WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated Blind SQL Injection (SQLi) vulnerability 2018-12-04
Arigato Autoresponder and Newsletter WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated reflected Cross-Site Scripting (XSS) vulnerability 2018-12-04
Ninja Forms WordPress Ninja Forms plugin <= 3.3.19 - Authenticated Open Redirect vulnerability 2018-12-04
Ultimate Member WordPress Ultimate Member plugin <= 2.0.32 - Cross-Site Request Forgery (CSRF) vulnerability 2018-11-27
WP-DBManager WordPress WP-DBManager plugin <= 2.79.1 - Arbitrary File Deletion vulnerability 2018-11-27
Yoast SEO WordPress Yoast SEO plugin <= 9.1.0 - Authenticated Command Execution vulnerability 2018-11-20
Ninja Forms WordPress Ninja Forms plugin <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-11-15
Better WordPress reCAPTCHA WordPress Better WordPress reCAPTCHA plugin <= 2.0.3 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-11-13
Media File Manager WordPress Media File Manager plugin <= 1.4.2 - Directory Traversal vulnerability 2018-11-13
Media File Manager WordPress Media File Manager plugin <= 1.4.2 - Reflected Cross-Site Scripting (XSS) vulnerability 2018-11-13
WP GDPR Compliance WordPress WP GDPR Compliance plugin <= 1.4.2 - Privilege Escalation vulnerability 2018-11-13
Flow-Flow Social Stream WordPress Flow-Flow Social Stream plugin <= 3.0.71 - Unauthenticated Cross-Site Scripting (XSS) vulnerability 2018-11-13
Calendar WordPress Calendar plugin <= 1.3.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-11-13
Accelerated Mobile Pages WordPress Accelerated Mobile Pages plugin <= 0.9.97.19 - Multiple Unauthenticated Vulnerabilities 2018-11-13
WooCommerce WordPress WooCommerce plugin <= 3.4.5 - Authenticated File Deletion to Privilege Escalation vulnerability 2018-11-07