Report WordPress vulnerabilities, earn prizes and become an Alliance member!
████
█████████████████████ ████████████████████████████████████████████████████████
Pending
████
█████████████████████ ████████████████████████████████████████████████████████
Pending
████
█████████████████████ ████████████████████████████████████████████████████████
Pending
████
██████████████ █████████████████████████████████████████████████
Pending
████
███████ ████████████████████████████████████████████████████████
Pending
████
██████████████ █████████████████████████████████████████████████
Pending
Plugin
WPvivid Backup and Migration Privilege Escalation on Staging Environment vulnerability
13 September, 2023
Plugin
Carousel Slider Broken Access Control vulnerability
5 September, 2023
Plugin
Simple Giveaways Broken Access Control vulnerability
4 July, 2023
Plugin
Download Monitor Arbitrary File Upload vulnerability
13 June, 2023
Plugin
Leyka Privilege Escalation vulnerability
22 May, 2023
Plugin
Link Whisper Free Unauthenticated Broken Access Control vulnerability
9 May, 2023
Plugin
Easy Digital Downloads 3.1.1.4.1 Unauthenticated Privilege Escalation Vulnerability
1 May, 2023
Plugin
If Menu Broken Access Control
22 March, 2023
Plugin
WordPress Email Marketing Plugin – WP Email Capture Sensitive Data Exposure vulnerability
15 March, 2023
Plugin
WP-RecentComments RecentComments plugin <= 2.2.7 Broken Access Control vulnerability
20 February, 2023
Plugin
Auto Affiliate Links Unauth. Broken Access Control vulnerability
6 February, 2023
Plugin
WordPress Form Builder Plugin – Gutenberg Forms Auth. Broken Access Control vulnerability
6 February, 2023
Plugin
Analytify Google Analytics Dashboard plugin <= 4.2.3 Privilege Escalation vulnerability
29 December, 2022
Plugin
Robo Gallery Auth. Broken Access Control vulnerability
14 December, 2022
Plugin
Post Teaser Auth. Broken Access Control vulnerability
2 December, 2022
Plugin
Afterpay Gateway for WooCommerce Unauth. Reflected CrossSite Scripting (XSS) vulnerability
1 December, 2022
Plugin
Better Click To Tweet Unauth. Broken Access Control vulnerability
28 November, 2022
Plugin
WP-FormAssembly FormAssembly plugin <= 2.0.5 Auth. Arbitrary File Read vulnerability
23 November, 2022
Plugin
Plugin for Google Reviews Auth. Broken Access Control vulnerability
18 November, 2022
Plugin
WooSwipe WooCommerce Gallery Auth. Broken Access Control vulnerability
17 November, 2022
Plugin
ULTIMATE TABLES Unauth. Reflected CrossSite Scripting (XSS) vulnerability
17 November, 2022
Plugin
LoginPress Broken Access Control vulnerability
7 November, 2022
Plugin
Permalink Manager Lite Broken Access Control vulnerability
1 November, 2022
Plugin
Subscribe to Category Auth. Broken Access Control vulnerability
31 October, 2022
Plugin
Modula Image Gallery Unauth. Plugin Settings Change vulnerability
28 October, 2022
Plugin
Advanced Floating Content Multiple Auth. CrossSite Scripting (XSS) vulnerabilities
24 October, 2022
Plugin
Welcart e-Commerce Unauth. Directory Traversal vulnerability
20 October, 2022
Plugin
WordPress Importer Reflected CrossSite Scripting (XSS) vulnerability
11 October, 2022
Plugin
CRM Perks Forms Reflected CrossSite Scripting (XSS) vulnerability
30 September, 2022
Plugin
FontMeister Reflected CrossSite Scripting (XSS) vulnerability
23 September, 2022
Plugin
Photospace Gallery Broken Access Control vulnerability
12 September, 2022
Plugin
Pop-up up plugin <= 1.1.5 Privilege Escalation vulnerability
2 September, 2022
Plugin
ActiveDEMAND Broken Authentication vulnerability
2 August, 2022
Plugin
GS Testimonial Slider Authenticated Stored CrossSite Scripting (XSS) vulnerability
27 July, 2022
Plugin
Custom Product Tabs for WooCommerce Broken Access Control vulnerability leading to &yikesthecontenttoggle option update
28 June, 2022
Plugin
Images Slideshow by 2J Reflected CrossSite Scripting (XSS) vulnerability
4 May, 2022
Plugin
Ravpage Unauthenticated Reflected CrossSite Scripting (XSS) vulnerability
28 April, 2022
Plugin
ShortPixel Adaptive Images Subscriber+ Plugin Settings Update vulnerability
25 April, 2022
Plugin
FV Flowplayer Video Player SQL Injection (SQLi) vulnerability
18 March, 2022
Plugin
Accelerated Mobile Pages Authenticated Stored CrossSite Scripting (XSS) vulnerability
11 December, 2021
Plugin
Ivory Search Reflected CrossSite Scripting (XSS) vulnerability
1 October, 2021
Plugin
Testimonial Rotator Authenticated Stored CrossSite Scripting (XSS) vulnerability
19 February, 2021
Plugin
Ivory Search Reflected CrossSite Scripting (XSS) vulnerability
1 February, 2021
Plugin
Constant Contact Forms Multiple Authenticated Stored CrossSite Scripting (XSS) vulnerabilities
6 September, 2020
Plugin
WP Customer Reviews Multiple Unauthenticated and Low Privilege Authenticated Stored XSS vulnerabilities
20 August, 2020
Plugin
Blog2Social Authenticated SQL Injection (SQLi) vulnerability
9 June, 2020
Plugin
AdRotate Banner Manager Authenticated SQL Injection (SQLi) vulnerability
3 June, 2020