Report WordPress vulnerabilities, earn prizes and become an Alliance member!
Plugin
Asset CleanUp: Page Speed Booster Authenticated Reflected CrossSite Scripting (XSS) vulnerability
28 September, 2022
Plugin
WP Google Map Broken Access Control vulnerability
8 December, 2021
Plugin
WP Google Map Subscriber+ Map Creation/Update/Deletion vulnerability
8 December, 2021
Plugin
Age Gate Unauthenticated Stored CrossSite Scripting (XSS) vulnerability
25 October, 2021
Plugin
Backup Guard Authenticated Arbitrary File Upload vulnerability
18 February, 2021
Plugin
Theme Editor Multiple Authenticated Arbitrary File Download vulnerabilities
13 February, 2021
Plugin
WP Editor SQL injection (SQLi) vulnerability
2 February, 2021
Plugin
Modern Events Calendar Lite Authenticated Arbitrary File Upload to Remote Code Execution (RCE) vulnerability
29 January, 2021
Plugin
Modern Events Calendar Lite Authenticated SQL Injection (SQLi) vulnerability
29 January, 2021
Plugin
Modern Events Calendar Lite Authenticated Stored CrossSite Scripting (XSS) vulnerability
27 January, 2021
Plugin
301 Redirects Authenticated SQL Injection (SQLi) vulnerability
18 January, 2021
Plugin
Events Manager Authenticated Stored CrossSite Scripting (XSS) vulnerability
25 November, 2020
Plugin
Advanced Database Cleaner Authenticated SQL injection (SQLi) vulnerability
6 September, 2020
Plugin
Autoptimize Authenticated Arbitrary File Upload vulnerability
24 August, 2020