WordPress Vulnerability Database

Vulnerability Database

WordPress Vulnerability Database

Hand curated, verified and enriched WordPress vulnerability information

This month's Patchstack Red Team findings:

34

Last month's Patchstack Red Team findings:

52

Software

Vulnerability

Type

Version

Published

OptinMonster

High Severity

7.2

WordPress OptinMonster plugin <= 2.6.4 - Unprotected REST-API to Sensitive Information Disclosure and Unauthorized API access vulnerability

High Severity

7.2

Plugin

<= 2.6.4

2021-10-27

HashThemes Demo Importer

High Severity

8.1

WordPress HashThemes Demo Importer plugin <= 1.1.1 - Improper Access Control allowing content deletion vulnerability

High Severity

8.1

Plugin

<= 1.1.1

2021-10-26

Notification

Medium Severity

4.8

WordPress Notification plugin <= 7.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

4.8

Plugin

<= 7.2.4

2021-10-25

Easy Digital Downloads

Medium Severity

4.8

WordPress Easy Digital Downloads plugin <= 2.11.2 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Medium Severity

4.8

Plugin

<= 2.11.2

2021-10-21

Simple Job Board

Medium Severity

5.5

WordPress Simple Job Board plugin <= 2.9.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.5

Plugin

<= 2.9.4

2021-10-21

Catch Themes Demo Import

High Severity

7.2

WordPress Catch Themes Demo Import plugin <= 1.7 - Arbitrary File Upload vulnerability

High Severity

7.2

Plugin

<= 1.7

2021-10-21

Sassy Social Share

Medium Severity

6.3

WordPress Sassy Social Share plugin <= 3.3.23 - Missing Authorization Controls to PHP Object Injection vulnerability

Medium Severity

6.3

Plugin

<= 3.3.23

2021-10-20

Smart Grid-Layout Design for Contact Form 7

Medium Severity

5.5

WordPress Smart Grid-Layout Design for Contact Form 7 plugin <= 4.11.4 - Authenticated Arbitrary File Deletion vulnerability

Medium Severity

5.5

Plugin

<= 4.11.4

2021-10-20

Mang Board WP

High Severity

7.5

WordPress Mang Board WP plugin <= 1.9.9 - SQL Injection (SQLi) vulnerability

High Severity

7.5

Plugin

<= 1.9.9

2021-10-19

Leaky Paywall

Medium Severity

5.5

WordPress Leaky Paywall plugin <= 4.16.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.5

Plugin

<= 4.16.5

2021-10-18

LearnPress

Medium Severity

5.5

WordPress LearnPress plugin <= 4.1.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.5

Plugin

<= 4.1.3.1

2021-10-18

Content Staging

Medium Severity

5.5

WordPress Content Staging <= 2.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.5

Plugin

<= 2.0.1

2021-10-18

YOP Poll

Medium Severity

6.9

WordPress YOP Poll plugin <= 6.3.0 - Stored Cross-Site Scripting (XSS) vulnerability via Preview Module

Medium Severity

6.9

Plugin

<= 6.3.0

2021-10-15

YOP Poll

Medium Severity

6.9

WordPress YOP Poll plugin <= 6.3.0 - Stored Cross-Site Scripting (XSS) vulnerability via Options Module

Medium Severity

6.9

Plugin

<= 6.3.0

2021-10-15

JobBoardWP – Job Board Listings and Submissions

Medium Severity

5.5

WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.5

Plugin

<= 1.0.7

2021-10-15

MPL-Publisher – Self-publish your book & ebook

Medium Severity

5.5

WordPress MPL-Publisher – Self-publish your book & ebook plugin <= 1.30.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.5

Plugin

<= 1.30.2

2021-10-15

Indeed Job Importer

Medium Severity

5.5

WordPress Indeed Job Importer plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.5

Plugin

<= 1.0.5

2021-10-15

Job Manager

Medium Severity

5.5

WordPress Job Manager plugin <= 0.7.25 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.5

Plugin

<= 0.7.25

2021-10-14

WP Fastest Cache

High Severity

7.7

WordPress WP Fastest Cache plugin <= 0.9.4 - Authenticated SQL Injection (SQLi) vulnerability

High Severity

7.7

Plugin

<= 0.9.4

2021-10-14

WP Fastest Cache

Critical Severity

9.6

WordPress WP Fastest Cache plugin <= 0.9.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Critical Severity

9.6

Plugin

<= 0.9.4

2021-10-14

Newer entries Older entries

Vulnerability Database