Report WordPress vulnerabilities, earn prizes and become an Alliance member!
████
███████ ████████████████████████████████████████████████████████
Pending
████
███████ ███████████████████████████████████
Pending
████
███████ ██████████████████████████████████████████
Pending
████
███████ █████████████████████████████████████████████████
Pending
████
█████████████████████ ██████████████████████████████████████████
Pending
████
███████ ██████████████████████████████████████████
Pending
████
██████████████ ██████████████████████████████████████████
Pending
████
██████████████ █████████████████████████████████████████████████
Pending
████
██████████████ ███████████████████████████████████
Pending
████
███████ █████████████████████████████████████████████████
Pending
████
███████ ██████████████████████████████████████████
Pending
████
██████████████ ██████████████████████████████████████████
Pending
████
███████ ██████████████████████████████████████████
Pending
████
█████████████████████ ██████████████████████████████████████████
Pending
████
██████████████ ███████████████████████████████████
Pending
████
███████ █████████████████████████████████████████████████
Pending
████
██████████████ ███████████████████████████████████
Pending
████
█████████████████████ ████████████████████████████████████████████████████████
Pending
Plugin
WooCommerce Box Office Unauthenticated Save Ticket Barcode vulnerability
7 days ago
Plugin
WooCommerce Box Office Contributor+ Stored Cross Site Scripting (XSS) vulnerability
2 June, 2023
Plugin
Premium Addons PRO Reflected Cross Site Scripting (XSS) vulnerability
2 June, 2023
Plugin
Tutor LMS Unauthenticated SQL Injection vulnerability
30 May, 2023
Plugin
Tutor LMS Multiple Student+ SQL Injection vulnerability
30 May, 2023
Plugin
Tutor LMS Multiple Tutor Instructor+ SQL Injection vulnerability
30 May, 2023
Plugin
Gravity Forms Unauthenticated PHP Object Injection vulnerability
29 May, 2023
Plugin
Tutor LMS Multiple Broken Access Control vulnerabilities
24 May, 2023
Plugin
WooCommerce Product Vendors Reflected Cross Site Scripting (XSS) vulnerability
24 May, 2023
Plugin
WooCommerce Product Vendors Vendor Admin+ SQL Injection vulnerability
24 May, 2023
Plugin
WooCommerce Follow-Up Emails Up Emails plugin <= 4.9.50 FollowUp Emails Manager+ SQL Injection vulnerability
24 May, 2023
Plugin
Yoast SEO: Local Cross Site Scripting (XSS) vulnerability
24 May, 2023
Plugin
Elementor Website Builder Broken Access Control vulnerability
24 May, 2023
Plugin
Rank Math SEO PRO Reflected Cross Site Scripting (XSS) vulnerability
22 May, 2023
Plugin
Contact Form Entries Cross Site Scripting (XSS) vulnerability
22 May, 2023
Plugin
Contact Form Entries Auth. SQL Injection (SQLi) vulnerability
22 May, 2023
Plugin
WooCommerce Warranty Requests Reflected Cross Site Scripting (XSS) vulnerability
22 May, 2023
Plugin
WooCommerce Follow-Up Emails Up Emails plugin <= 4.9.40 Arbitrary File Upload vulnerability
22 May, 2023
Plugin
WooCommerce Follow-Up Emails Up Emails plugin <= 4.9.40 Reflected Cross Site Scripting (XSS) vulnerability
22 May, 2023
Plugin
WooCommerce Follow-Up Emails Up Emails plugin <= 4.9.40 Multiple Cross Site Request Forgery (CSRF) vulnerability
22 May, 2023
Plugin
LearnDash LMS Auth. SQL Injection (SQLi) vulnerability
22 May, 2023
Plugin
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Unrestricted Zip Extraction vulnerability
22 May, 2023
Plugin
Duplicator Pro Reflected Cross Site Scripting (XSS) vulnerability
22 May, 2023
Plugin
UpdraftPlus CSRF lead to wpadmin Site Wide XSS vulnerability
18 May, 2023
Plugin
Easy Forms for Mailchimp Cross Site Scripting (XSS) vulnerability
17 May, 2023
Plugin
Chaty Cross Site Scripting (XSS) vulnerability
16 May, 2023
Plugin
WooCommerce Product Add-ons ons plugin <= 6.1.3 Authenticated PHP Object Injection vulnerability
15 May, 2023
Plugin
WooCommerce Product Add-ons ons plugin <= 6.1.3 Cross Site Request Forgery (CSRF) vulnerability
15 May, 2023
Plugin
WooCommerce Bookings Insecure Direct Object References (IDOR) vulnerability
15 May, 2023
Plugin
AutomateWoo Cross Site Request Forgery (CSRF) vulnerability
15 May, 2023
Plugin
WooCommerce Brands Contributor+ Stored Cross Site Scripting (XSS) vulnerability
15 May, 2023
Plugin
WooCommerce Pre-Orders Orders plugin <= 2.0.0 Contributor+ Stored Cross Site Scripting (XSS) vulnerability
15 May, 2023
Plugin
AutomateWoo Shop Manager+ SQL Injection vulnerability
15 May, 2023
Plugin
WooCommerce Pre-Orders Orders plugin <= 1.9.0 Cross Site Scripting (XSS) vulnerability
15 May, 2023
Plugin
WooCommerce Composite Products Reflected Cross Site Scripting (XSS) vulnerability
15 May, 2023
Plugin
WooCommerce Ship to Multiple Addresses Insecure Direct Object References (IDOR) vulnerability
15 May, 2023
Plugin
WooCommerce Product Recommendations Cross Site Request Forgery (CSRF) vulnerability
15 May, 2023
Plugin
Essential Addons for Elementor Pro Reflected Cross Site Scripting (XSS) vulnerability
15 May, 2023
Plugin
Essential Addons for Elementor Pro Unauthenticated Server Side Request Forgery (SSRF) vulnerability
15 May, 2023
Plugin
Slimstat Analytics SQL Injection (SQLi) vulnerability
11 May, 2023
Plugin
Slimstat Analytics Reflected CrossSite Scripting (XSS) vulnerability
11 May, 2023
Plugin
Bookly Authenticated Arbitrary File Deletion vulnerability
11 May, 2023
Plugin
Essential Addons for Elementor 5.7.1 Unauthenticated Privilege Escalation vulnerability
11 May, 2023
Plugin
Download Monitor Sensitive Data Exposure vulnerability
10 May, 2023
Plugin
Google Analytics by Monster Insights Cross Site Scripting (XSS) vulnerability
10 May, 2023
Plugin
GiveWP Donation Plugin plugin <= 2.25.3 PHP Object Injection vulnerability
9 May, 2023
Plugin
ExactMetrics Cross Site Scripting (XSS) vulnerability
9 May, 2023
Plugin
Yoast SEO Premium Unauthenticated Zapier API Key Reset vulnerability
9 May, 2023
Plugin
Yoast SEO: Local Cross Site Request Forgery (CSRF) vulnerability
9 May, 2023
Plugin
Yoast SEO: Local Reflected Cross Site Scripting (XSS) vulnerability
9 May, 2023
Theme
Flatsome Reflected Cross Site Scripting (XSS) vulnerability
9 May, 2023
Theme
Divi Contributor+ Cross Site Scripting (XSS) vulnerability
9 May, 2023
Plugin
Advanced Custom Fields PRO Reflected Cross Site Scripting (XSS) vulnerability
5 May, 2023
Plugin
Advanced Custom Fields Reflected Cross Site Scripting (XSS) vulnerability
5 May, 2023
Theme
JupiterX Auth. Local File Inclusion vulnerability
3 May, 2023
Plugin
YARPP Local File Inclusion
18 April, 2023
Plugin
Quiz And Survey Master Unauthenticated SQL Injection vulnerability
16 April, 2023
Theme
Betheme Reflected Cross Site Scripting (XSS) vulnerability
13 April, 2023
Plugin
MapPress Maps for WordPress Authenticated SQL Injection vulnerability
6 April, 2023
Theme
The7 Reflected Cross Site Scripting (XSS) vulnerability
6 April, 2023
Plugin
GiveWP Cross Site Request Forgery (CSRF) vulnerability
27 March, 2023
Plugin
User Registration Authenticated PHP Object Injection vulnerability
21 March, 2023
Plugin
SEO Plugin by Squirrly SEO Broken Access Control vulnerability
17 March, 2023
Plugin
SEO Plugin by Squirrly SEO Reflected CrossSite Scripting (XSS) vulnerability
17 March, 2023
Plugin
WP Google Map Plugin CrossSite Request Forgery (CSRF)
13 March, 2023
Plugin
GiveWP Cross Site Scripting (XSS) via render_dropdown vulnerability
10 March, 2023
Plugin
GiveWP Server Side Request Forgery (SSRF) vulnerability
10 March, 2023
Plugin
Cookie Notice & Compliance for GDPR / CCPA Cross Site Scripting (XSS) vulnerability
2 March, 2023
Plugin
Dokan Authenticated SQL Injection vulnerability
2 March, 2023
Theme
OceanWP Authenticated Local File Inclusion vulnerability
27 February, 2023
Plugin
ProfilePress Cross Site Scripting (XSS) vulnerability
21 February, 2023
Plugin
ProfilePress Cross Site Scripting (XSS) vulnerability
20 February, 2023
Plugin
Ocean Extra Cross Site Scripting (XSS) vulnerability
15 February, 2023
Plugin
Shortcodes Ultimate Server Side Request Forgery (SSRF) vulnerability
10 February, 2023
Plugin
Shortcodes Ultimate Arbitrary File Download vulnerability
10 February, 2023
Plugin
Shortcodes Ultimate Cross Site Scripting (XSS) vulnerability
10 February, 2023
Plugin
Rank Math SEO Local File Inclusion vulnerability
10 February, 2023
Plugin
Plugin for Google Reviews Auth. SQL Injection (SQLi) vulnerability
8 February, 2023
Plugin
Redirection for Contact Form 7 Privilege Escalation vulnerability
6 February, 2023
Plugin
WP Statistics Multiple Authenticated SQL Injection vulnerabilities
31 January, 2023
Plugin
Loginizer Unauth. Reflected CrossSite Scripting (XSS) vulnerability
5 December, 2022
Plugin
Loginizer CrossSite Request Forgery (CSRF) vulnerability
5 December, 2022
Plugin
All In One WP Security & Firewall Multiple CrossSite Request Forgery (CSRF) vulnerabilities
22 November, 2022
Plugin
wpForo Forum Arbitrary File Upload vulnerability
9 November, 2022
Plugin
All in One SEO Pro Server Side Request Forgery (SSRF) vulnerability
28 October, 2022
Plugin
SEO Plugin by Squirrly SEO Auth. Arbitrary File Upload vulnerability
25 October, 2022
Plugin
Sucuri Security CrossSite Request Forgery (CSRF) vulnerability
14 September, 2022
Plugin
All In One SEO Pack Multiple CrossSite Request Forgery (CSRF) vulnerabilities
5 September, 2022
Plugin
Rank Math SEO ServerSide Request Forgery (SSRF) vulnerability
12 August, 2022
Plugin
Directorist Authenticated Arbitrary File Upload vulnerability
18 July, 2022
Plugin
GiveWP Authenticated Arbitrary File Read via Export function vulnerability
12 July, 2022
Plugin
GiveWP Authenticated Arbitrary File Creation via Export function vulnerability
12 July, 2022
Plugin
WP Visitor Statistics (Real Time Traffic) Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities
5 July, 2022
Plugin
Popup Builder CrossSite Request Forgery (CSRF) leading to plugin settings update
30 June, 2022
Plugin
WP Meta SEO Social Settings Update via CrossSite Request Forgery (CSRF) vulnerability
28 June, 2022
Plugin
Download Manager Reflected CrossSite Scripting (XSS) vulnerability
7 June, 2022