WordPress Vulnerability Database - Patchstack

Vulnerability Database

WordPress Vulnerability Database

Hand curated, verified and enriched WordPress vulnerability information

This month's Patchstack Red Team findings:

36

Last month's Patchstack Red Team findings:

292

Software

Vulnerability

Type

Version

Published

WooCommerce Stock Manager

High Severity

8.8

WordPress WooCommerce Stock Manager plugin <= 2.5.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload

High Severity

8.8

Plugin

<= 2.5.7

2021-06-14

WordPress Popular Posts

High Severity

8.8

WordPress Popular Posts plugin <= 5.3.2 - Authenticated Code Injection vulnerability leading to Remote Code Execution (RCE)

High Severity

8.8

Plugin

<= 5.3.2

2021-06-11

Easy Cookies Policy

Medium Severity

6.5

WordPress Easy Cookies Policy plugin <= 1.6.2 - Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS)

Medium Severity

6.5

Plugin

<= 1.6.2

2021-06-11

High Severity

8.6

WordPress Motor premium theme <= 3.0 - Unauthenticated Local File Inclusion (LFI) vulnerability

High Severity

8.6

Theme

<= 3.0

2021-06-09

High Severity

7.5

WordPress JoomSport plugin <= 5.1.5 - Unauthenticated PHP Object Injection vulnerability

High Severity

7.5

Plugin

<= 5.1.5

2021-06-08

Medium Severity

5.4

WordPress WC Marketplace plugin <= 3.7.3 - Cross-Site Request Forgery (CSRF) vulnerability

Medium Severity

5.4

Plugin

<= 3.7.3

2021-06-08

Medium Severity

4.3

WordPress WP Prayer plugin <= 1.6.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Medium Severity

4.3

Plugin

<= 1.6.5

2021-06-08

Qtranslate Slug

Medium Severity

5.4

WordPress Qtranslate Slug plugin <= 1.1.18 - Cross-Site Request Forgery (CSRF) vulnerability

Medium Severity

5.4

Plugin

<= 1.1.18

2021-06-08

Custom css-js-php

Medium Severity

5.4

WordPress Custom css-js-php plugin <= 2.0.7 - Cross-Site Request Forgery (CSRF) vulnerability

Medium Severity

5.4

Plugin

<= 2.0.7

2021-06-08

Medium Severity

5.4

WordPress Multiple Roles plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability

Medium Severity

5.4

Plugin

<= 1.3.1

2021-06-08

Medium Severity

4.3

WordPress Edwiser Bridge plugin <= 2.0.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Medium Severity

4.3

Plugin

<= 2.0.6

2021-06-08

Medium Severity

6.1

WordPress Jannah premium theme <= 5.4.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Medium Severity

6.1

Theme

<= 5.4.3

2021-06-07

Medium Severity

4.8

WordPress WP Google Maps plugin <= 8.1.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

4.8

Plugin

<= 8.1.11

2021-06-07

WordPress Popular Posts

Medium Severity

6.9

WordPress Popular Posts plugin <= 5.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

6.9

Plugin

<= 5.3.2

2021-06-07

Medium Severity

6.5

WordPress Recently plugin <= 3.0.4 - Authenticated Code Injection vulnerability

Medium Severity

6.5

Plugin

<= 3.0.4

2021-06-07

Medium Severity

5.4

WordPress Recently plugin <= 3.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 3.0.4

2021-06-07

Comments Like Dislike

Medium Severity

5.3

WordPress Comments Like Dislike plugin <= 1.1.3 - Repeated Voting Restriction Bypass vulnerability

Medium Severity

5.3

Plugin

<= 1.1.3

2021-06-07

Medium Severity

4.7

WordPress WP Hardening plugin <= 1.2.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Medium Severity

4.7

Plugin

<= 1.2.1

2021-06-07

Stripe Payment Gateway for WooCommerce

Medium Severity

4.7

WordPress Stripe Payment Gateway for WooCommerce plugin <= 3.5.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Medium Severity

4.7

Plugin

<= 3.5.9

2021-06-07

Critical Severity

9.8

WordPress Kiwi Social Sharing plugin <= 2.1.0 - Unauthenticated WordPress Options Change/Read vulnerability

Critical Severity

9.8

Plugin

<= 2.1.0

2021-06-04

Newer entries Older entries

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.