ThreatPress

WordPress Vulnerabilities Database

Daily updated database of WordPress plugins, themes and WordPress core vulnerabilities. Our R&D team monitors a large number of sources to add new vulnerabilities to the database on daily basis.

Vulnerabilities

Please use the search to find what you're looking for

Product Title Disclosure Date
WooCommerce Quick Reports WordPress WooCommerce Quick Reports plugin <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-06-11
Woocommerce Blocker Lite – Prevent fake orders and Blacklist fraud customers WordPress Woocommerce Blocker Lite plugin <= 1.6.5 - Cross-Site Request Forgery (CSRF) vulnerability 2018-06-11
Woocommerce Notifier Lite- Send automated web push desktop notifications WordPress Woocommerce Notifier Lite plugin <= 1.5.1 - Cross-Site Request Forgery (CSRF) vulnerability 2018-06-11
Woocommerce Notifier Lite- Send automated web push desktop notifications WordPress Woocommerce Notifier Lite plugin <= 1.5.1 - Stored Cross-Site Scripting (XSS) vulnerability 2018-06-11
WP Events Calendar WordPress WP Events Calendar plugin <= 1.0 - SQL Injection (SQLi) vulnerability 2018-06-05
WP Booking Calendar WordPress WP Booking Calendar plugin <= 3.0.0 - SQL Injection (SQLi) vulnerability 2018-06-05
WP Booking Calendar WordPress WP Booking Calendar plugin <= 3.0.0 - Cross-Site Scripting (XSS) vulnerability 2018-06-05
ProfileGrid WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 2.8.5 - Authenticated Code Execution vulnerability 2018-06-05
WP ULike WordPress WP ULike plugin <= 3.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-06-05
BBE WordPress BBE theme <= 1.52 - Direct Object Reference vulnerability 2018-06-05
Download Woocommerce Category Banner Management WordPress WooCommerce Category Banner Management plugin <= 1.1.0 - Unauthenticated Settings Change Vulnerability 2018-06-03
Add Social Share Messenger Buttons Whatsapp and Viber WordPress Add Social Share Messenger Buttons Whatsapp and Viber plugin <= 1.0.8 - Cross-site Request Forgery (CSRF) vulnerability 2018-06-03
Advance Search for WooCommerce WordPress Advance Search for WooCommerce plugin <= 1.0.9 - Stored Cross-site scripting (XSS) vulnerability 2018-06-03
Eu Cookie Notice WordPress Eu Cookie Notice plugin <= 1.0.6 - Cross-site request forgery (CSRF) vulnerability 2018-06-03
Mass Pages/Posts Creator WordPress Mass Pages/Posts Creator plugin <= 1.2.2 - Stored Cross-Site scripting (XSS) vulnerability 2018-06-03
Page Visit Counter WordPress Page Visit Counter plugin <= 4.0.9 - SQL Injection (SQLi) vulnerability 2018-06-03
WooCommerce Checkout For Digital Goods WordPress Woo Checkout for Digital Goods plugin <= 2.1 - Cross-site request forgery (CSRF) vulnerability 2018-06-03
WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin <= 1.8 - Cross-Site Request Forgery (CSRF) vulnerability 2018-06-03
WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin <= 1.8 - Cross-Site Scripting (XSS) vulnerability 2018-06-03
WooCommerce Product Attachment WordPress WooCommerce Product Attachment plugin <= 1.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability 2018-06-03