WordPress Vulnerability Database - Patchstack

Vulnerability Database

WordPress Vulnerability Database

Hand curated, verified and enriched WordPress vulnerability information

This month's Patchstack Red Team findings:

36

Last month's Patchstack Red Team findings:

292

Software

Vulnerability

Type

Version

Published

Medium Severity

5.4

WordPress 404 to 301 plugin <= 3.0.7 - Broken Access Control vulnerability

Medium Severity

5.4

Plugin

<= 3.0.7

2021-06-18

Contact Form Plugin

High Severity

7.1

WordPress Contact Form Plugin by Fluent Forms <= 3.6.65 - Cross-Site Request Forgery (CSRF) vulnerability leading to stored Cross-Site Scripting(XSS)

High Severity

7.1

Plugin

<= 3.6.65

2021-06-16

Medium Severity

4.7

WordPress Jannah premium theme <= 5.4.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Medium Severity

4.7

Theme

<= 5.4.4

2021-06-14

WooCommerce Stock Manager

High Severity

8.8

WordPress WooCommerce Stock Manager plugin <= 2.5.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload

High Severity

8.8

Plugin

<= 2.5.7

2021-06-14

High Severity

7.1

WordPress wpForo Forum plugin <= 1.9.6 - Open Redirect vulnerability

High Severity

7.1

Plugin

<= 1.9.6

2021-06-14

High Severity

7.6

WordPress WP SVG images plugin <= 3.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via uploaded SVG file

High Severity

7.6

Plugin

<= 3.3

2021-06-14

BCS BatchLine Book Importer

Medium Severity

5.3

WordPress BCS BatchLine Book Importer plugin <= 1.5.7 - Unauthenticated Product Import/Update vulnerability

Medium Severity

5.3

Plugin

<= 1.5.7

2021-06-14

Medium Severity

6.1

WordPress VikRentCar plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Medium Severity

6.1

Plugin

<= 1.1.6

2021-06-14

Welcart e-Commerce by Collne Inc.

Medium Severity

6.1

WordPress Welcart e-Commerce plugin <= 2.2.3 - Cross-Site Scripting (XSS) vulnerability

Medium Severity

6.1

Plugin

<= 2.2.3

2021-06-11

WordPress Popular Posts

High Severity

8.8

WordPress Popular Posts plugin <= 5.3.2 - Authenticated Code Injection vulnerability leading to Remote Code Execution (RCE)

High Severity

8.8

Plugin

<= 5.3.2

2021-06-11

Easy Cookies Policy

Medium Severity

6.5

WordPress Easy Cookies Policy plugin <= 1.6.2 - Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS)

Medium Severity

6.5

Plugin

<= 1.6.2

2021-06-11

Medium Severity

4.7

WordPress FoodBakery premium theme <= 2.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Medium Severity

4.7

Theme

<= 2.1

2021-06-10

High Severity

8.6

WordPress Motor premium theme <= 3.0 - Unauthenticated Local File Inclusion (LFI) vulnerability

High Severity

8.6

Theme

<= 3.0

2021-06-09

High Severity

7.5

WordPress JoomSport plugin <= 5.1.5 - Unauthenticated PHP Object Injection vulnerability

High Severity

7.5

Plugin

<= 5.1.5

2021-06-08

Medium Severity

5.4

WordPress WC Marketplace plugin <= 3.7.3 - Cross-Site Request Forgery (CSRF) vulnerability

Medium Severity

5.4

Plugin

<= 3.7.3

2021-06-08

Medium Severity

4.3

WordPress WP Prayer plugin <= 1.6.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Medium Severity

4.3

Plugin

<= 1.6.5

2021-06-08

Qtranslate Slug

Medium Severity

5.4

WordPress Qtranslate Slug plugin <= 1.1.18 - Cross-Site Request Forgery (CSRF) vulnerability

Medium Severity

5.4

Plugin

<= 1.1.18

2021-06-08

Custom css-js-php

Medium Severity

5.4

WordPress Custom css-js-php plugin <= 2.0.7 - Cross-Site Request Forgery (CSRF) vulnerability

Medium Severity

5.4

Plugin

<= 2.0.7

2021-06-08

Medium Severity

5.4

WordPress Multiple Roles plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability

Medium Severity

5.4

Plugin

<= 1.3.1

2021-06-08

Medium Severity

4.3

WordPress Edwiser Bridge plugin <= 2.0.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Medium Severity

4.3

Plugin

<= 2.0.6

2021-06-08

Newer entries Older entries

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.