WordPress Vulnerability Database

Vulnerability Database

WordPress Vulnerability Database

Hand curated, verified and enriched WordPress vulnerability information

This month's Patchstack Red Team findings:

9

Last month's Patchstack Red Team findings:

156

Software

Vulnerability

Type

Version

Published

External Media

Critical Severity

9.9

WordPress External Media plugin <= 1.0.33 - Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Critical Severity

9.9

Plugin

<= 1.0.33

2021-05-13

WordPress

Critical Severity

9.8

WordPress <= 5.7.1 - Object injection in PHPMailer vulnerability

Critical Severity

9.8

WordPress

<= 5.7.1

2021-05-13

LifterLMS

Medium Severity

5.4

WordPress LMS by LifterLMS plugin <= 4.21.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 4.21.0

2021-05-10

ReDi Restaurant Reservation

Medium Severity

6.1

WordPress ReDi Restaurant Reservation plugin <= 21.0307 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

6.1

Plugin

<= 21.0307

2021-05-09

Simple Giveaways

Medium Severity

6.1

WordPress Simple Giveaways plugin <= 2.36.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Medium Severity

6.1

Plugin

<= 2.36.1

2021-05-09

Ultimate Member

Medium Severity

5.4

WordPress Ultimate Member plugin <= 2.1.19 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 2.1.19

2021-05-07

Leads 5050 Visitor Insights

Medium Severity

4.3

WordPress Leads 5050 Visitor Insights plugin <= 1.0.5 - Unauthorized License Change vulnerability

Medium Severity

4.3

Plugin

<= 1.0.5

2021-05-07

DSGVO All in one for WP

Medium Severity

6.1

WordPress DSGVO All in one for WP plugin <= 3.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

6.1

Plugin

<= 3.9

2021-05-07

UltimateWoo

High Severity

7.5

WordPress UltimateWoo plugin <= 0.1.10 - PHP Object Injection vulnerability

High Severity

7.5

Plugin

<= 0.1.10

2021-05-07

MalCare Security

Medium Severity

4.8

WordPress MalCare Security plugin <= 4.57 - Authenticated Cross-Site Scripting (XSS) vulnerability

Medium Severity

4.8

Plugin

<= 4.57

2021-05-05

Hana Flv Player

Medium Severity

5.4

WordPress Hana Flv Player plugin <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 3.1.3

2021-05-05

Ship To eCourier

Medium Severity

6.3

WordPress Ship To eCourier plugin <= 1.0.1 - Cross-Site Request Forgery (CSRF) vulnerability allowing Plugin Settings Update

Medium Severity

6.3

Plugin

<= 1.0.1

2021-05-05

Simple Admin Language Change

Medium Severity

4.3

WordPress Simple Admin Language Change plugin <= 2.0.1 - Arbitrary User Locale Change vulnerability

Medium Severity

4.3

Plugin

<= 2.0.1

2021-05-05

WP Customer Reviews

Medium Severity

5.4

WordPress WP Customer Reviews plugin <= 3.5.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 3.5.5

2021-05-04

Autoptimize

Medium Severity

5.4

WordPress Autoptimize plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 2.8.3

2021-05-04

Hotjar Connecticator

Medium Severity

5.4

WordPress Hotjar Connecticator plugin <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 1.1.1

2021-05-04

Spam protection, AntiSpam, FireWall by CleanTalk

High Severity

7.5

WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 5.153.3 - Unauthenticated Time-Based Blind SQL Injection (SQLi) vulnerability

High Severity

7.5

Plugin

<= 5.153.3

2021-05-03

CMP – Coming Soon & Maintenance

High Severity

7.2

WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.9 - Authenticated Remote Code Execution (RCE) vulnerability

High Severity

7.2

Plugin

<= 4.0.9

2021-05-02

CMP – Coming Soon & Maintenance

Medium Severity

5.9

WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.9

Plugin

<= 4.0.9

2021-05-02

WooCommerce

Medium Severity

5.4

WordPress WooCommerce plugin <= 5.1.0 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Medium Severity

5.4

Plugin

<= 5.1.0

2021-04-29

Newer entries Older entries

Vulnerability Database