WordPress Vulnerability Database - Patchstack

Vulnerability Database

Software

Vulnerability

Type

Version

Published

Export any WordPress data to XML/CSV

Medium Severity

6.6

Authenticated SQL Injection (SQLi) vulnerability

Medium Severity

6.6

Plugin

<= 1.3.4

2022-05-20

School Management Pro

Critical Severity

10

Unauthenticated Remote Code Execution (RCE) via REST API

Critical Severity

10

Plugin

< 9.9.7

2022-05-20

Google Tag Manager

Medium Severity

6.1

Reflected CrossSite Scripting (XSS) vulnerability

Medium Severity

6.1

Plugin

<= 1.15

2022-05-19

Critical Severity

9.9

Authenticated Privilege Escalation and Post deletion vulnerability

Critical Severity

9.9

Theme

<= 6.10.1

2022-05-18

High Severity

8.1

Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability

High Severity

8.1

Theme

<= 6.10.1

2022-05-18

Medium Severity

6.5

Insufficient Access Control leading to Authenticated Arbitrary Plugin Deletion

Medium Severity

6.5

Theme

<= 6.10.1

2022-05-18

Medium Severity

6.5

Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification

Medium Severity

6.5

Theme

<= 2.0.6

2022-05-18

High Severity

8.1

Authenticated Path Traversal and Local File Inclusion (LFI) vulnerability

High Severity

8.1

Theme

<= 2.0.6

2022-05-18

Medium Severity

5.4

Arbitrary Settings Update via CrossSite Request Forgery (CSRF) vulnerability

Medium Severity

5.4

Plugin

<= 4.8.8

2022-05-18

Medium Severity

4.7

Reflected CrossSite Scripting (XSS) vulnerability

Medium Severity

4.7

Plugin

<= 2.14.3

2022-05-18

High Severity

7.2

Authenticated Remote Code Execution (RCE) vulnerability

High Severity

7.2

Plugin

<= 3.2.3

2022-05-18

Critical Severity

9.8

Unauthenticated Remote Code Execution (RCE) vulnerability

Critical Severity

9.8

Plugin

<= 1.0.9

2022-05-18

Medium Severity

4.1

CRM plugin <= 1.2.1 CSV Injection vulnerability

Medium Severity

4.1

Plugin

<= 1.2.1

2022-05-18

High Severity

7.5

Sensitive Data Exposure vulnerability

High Severity

7.5

Plugin

<= 0.1

2022-05-18

Critical Severity

9.9

Authenticated Privilege Escalation and Post deletion vulnerability

Critical Severity

9.9

Plugin

<= 2.0.7

2022-05-18

Medium Severity

6.5

Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification

Medium Severity

6.5

Plugin

<= 2.0.6

2022-05-18

Medium Severity

6.3

Information Disclosure, Modification, and Denial of Service (DoS) vulnerabilities

Medium Severity

6.3

Plugin

<= 2.0.6

2022-05-18

Webriti SMTP Mail

Medium Severity

5.4

Arbitrary Settings Update via CrossSite Request Forgery (CSRF) vulnerability

Medium Severity

5.4

Plugin

<= 1.0

2022-05-18

Latest Tweets Widget

Medium Severity

5.4

Arbitrary Settings Update via CrossSite Request Forgery (CSRF) vulnerability

Medium Severity

5.4

Plugin

<= 1.1.4

2022-05-18

Medium Severity

4.8

Authenticated Stored CrossSite Scripting (XSS) vulnerability

Medium Severity

4.8

Plugin

<= 1.1.0

2022-05-18

Newer entries Older entries

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.