Report WordPress vulnerabilities, earn prizes and become an Alliance member!
Plugin
WordPress Countdown Widget CrossSite Request Forgery (CSRF) leading to CrossSite Scripting (XSS)
23 November, 2022
Plugin
Mantenimiento web CrossSite Request Forgery (CSRF) vulnerability leading to Stored CrossSite Scripting (XSS)
31 October, 2022
Plugin
Forms by CaptainForm CrossSite Request Forgery (CSRF) vulnerability
29 October, 2022
Plugin
Auto Upload Images CrossSite Request Forgery (CSRF) vulnerability leading to Stored CrossSite Scripting (XSS)
24 October, 2022
Plugin
Media Library Folders CrossSite Request Forgery (CSRF) vulnerability
30 September, 2022
Plugin
OSM – OpenStreetMap CrossSite Request Forgery (CSRF) vulnerability
30 September, 2022
Plugin
HREFLANG Tags Lite Unauthenticated Plugin Data Reset vulnerability
29 September, 2022
Plugin
Oceanwp sticky header CrossSite Request Forgery (CSRF) vulnerability
27 September, 2022
Plugin
Advance WordPress Search Plugin Unauthenticated Plugin Settings Change vulnerability
27 September, 2022
Plugin
Advance WordPress Search Plugin Unauthenticated Plugin Settings Reset vulnerability
27 September, 2022
Plugin
Kraken.io Image Optimizer CrossSite Request Forgery (CSRF) vulnerability
23 September, 2022
Plugin
3D Tag Cloud Multiple Stored CrossSite Scripting (XSS) via CrossSite Request Forgery (CSRF) vulnerability
22 September, 2022
Plugin
RD Station Multiple CrossSite Request Forgery (CSRF) vulnerabilities
11 September, 2022
Plugin
Mega Addons For WPBakery Page Builder CrossSite Request Forgery (CSRF) vulnerability
2 September, 2022
Plugin
Captcha Code CrossSite Request Forgery (CSRF) vulnerability leading to Plugin Settings Update
1 September, 2022
Plugin
GetResponse for WordPress CrossSite Request Forgery (CSRF) vulnerability leading to API Key Update
1 September, 2022
Plugin
CallRail Phone Call Tracking CrossSite Request Forgery (CSRF) vulnerability leading to Stored CrossSite Scripting (XSS)
1 September, 2022
Plugin
MP3 jPlayer Multiple CrossSite Request Forgery (CSRF) vulnerabilities
1 September, 2022
Plugin
Better Font Awesome CrossSite Request Forgery (CSRF) vulnerability
25 August, 2022
Plugin
wp-forecast forecast plugin <= 7.5 Authenticated Stored CrossSite Scripting (XSS) vulnerability
25 August, 2022
Plugin
Photo Gallery by Supsystic CrossSite Request Forgery (CSRF) leading to Plugin Settings Change
15 June, 2022
Plugin
API KEY for Google Maps CSRF vulnerability leading to Google Maps API key update
8 June, 2022
Plugin
Social Share Buttons by Supsystic CrossSite Request Forgery (CSRF) vulnerability
27 May, 2022
Plugin
Disable Right Click For WP CrossSite Request Forgery (CSRF) vulnerability
4 May, 2022
Plugin
Code Snippets Extended CrossSite Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability
4 May, 2022
Plugin
Footer Text CrossSite Request Forgery (CSRF) leading to CrossSite Scripting (XSS) vulnerability
28 April, 2022
Plugin
Use Any Font CrossSite Request Forgery (CSRF) vulnerability
30 March, 2022
Plugin
Analytics Cat Plugin Settings change via CrossSite Request Forgery (CSRF) vulnerability
8 March, 2022
Plugin
PHP Everywhere CrossSite Request Forgery (CSRF) vulnerability
23 December, 2021
Plugin
Ark-commenteditor commenteditor plugin <= 2.15.6 Iframe Injection via Comment vulnerability
23 September, 2021
Plugin
WP SVG images Authenticated Stored CrossSite Scripting (XSS) vulnerability via uploaded SVG file
14 June, 2021