Report WordPress vulnerabilities, earn prizes and become an Alliance member!
Plugin
Ninja Popups Unauth. Open Redirect vulnerability
18 July, 2023
Theme
RealHomes Broken Access Control vulnerability
11 July, 2023
Theme
RealHomes Broken Access Control vulnerability
11 July, 2023
Theme
Consulting Local File Inclusion
5 July, 2023
Theme
WPLMS CrossSite Request Forgery (CSRF) vulnerability
5 July, 2023
Plugin
Houzez CRM SQL Injection
28 June, 2023
Theme
The7 CrossSite Request Forgery (CSRF)
27 June, 2023
Theme
HashOne Broken Access Control Vulnerability
25 May, 2023
Theme
Viral Broken Access Control vulnerability
25 May, 2023
Theme
Viral News Broken Access Control
25 May, 2023
Theme
MetroStore Broken Access Control
16 May, 2023
Theme
BuzzStore Broken Access Control
16 May, 2023
Theme
SparkleStore Broken Access Control
16 May, 2023
Theme
Medical Heed Broken Access Control
16 May, 2023
Theme
Kingcabs Broken Access Control
16 May, 2023
Theme
Craft Blog Broken Access Control
16 May, 2023
Theme
Fitness Park Broken Access Control
16 May, 2023
Theme
Online eStore Broken Access Control
16 May, 2023
Theme
Kathmag Broken Access Control
16 May, 2023
Theme
Appzend Broken Access Control
16 May, 2023
Theme
SpiderMag Broken Access Control
16 May, 2023
Plugin
Easing Slider Plugin Settings Reset Vulnerability
16 May, 2023
Theme
WoodMart CrossSite Scripting (XSS) vulnerability
11 May, 2023
Theme
WoodMart Broken Access Control vulnerability
11 May, 2023
Plugin
Woodmart Core PHP Object Injection
11 May, 2023
Plugin
Woodmart Core Privilege Escalation
11 May, 2023
Plugin
YITH WooCommerce Gift Cards Premium Unauth. Gift Card Creation Leading to Stored XSS vulnerability
10 May, 2023
Plugin
Points and Rewards for WooCommerce Broken Access Control vulnerability
5 May, 2023
Plugin
Points and Rewards for WooCommerce Settings Change vulnerability
5 May, 2023
Plugin
Community by PeepSo Server Information Disclosure
5 May, 2023
Theme
TheGem Broken Access Control vulnerability
5 May, 2023
Theme
TheGem Broken Access Control vulnerability
5 May, 2023
Theme
TheGem Auth. Stored CrossSite Scripting (XSS) vulnerability
5 May, 2023
Theme
TheGem Auth. Stored CrossSite Scripting (XSS) Vulnerability
5 May, 2023
Theme
Editorialmag Authenticated Arbitrary Plugin Activation
4 May, 2023
Plugin
CM Pop-Up banners Up banners for WordPress plugin <= 1.5.10 SQL Injection vulnerability
3 May, 2023
Theme
Educenter Broken Access Control
14 April, 2023
Theme
Square Broken Access Control
13 April, 2023
Theme
Blogger Buzz Broken Access Control vulnerability
13 April, 2023
Theme
Houzez Unauth. SQL Injection (SQLi) vulnerability
6 April, 2023
Theme
Viral Mag Authenticated Arbitrary Plugin Activation Vulnerability
30 March, 2023
Plugin
HappyFiles Pro Broken Access Control
29 March, 2023
Plugin
HappyFiles Pro Broken Access Control vulnerability
29 March, 2023
Theme
Resoto Broken Access Control to Arbitrary Plugin Activation
22 March, 2023
Theme
Real Estate Directory Authenticated Arbitrary Plugin Activation
17 March, 2023
Theme
Chankhe Authenticated Arbitrary Plugin Activation
15 March, 2023
Theme
Mediciti Lite Reflected Cross Site Scripting (XSS) vulnerability
15 March, 2023
Theme
Brilliance Reflected CrossSite Scripting (XSS) vulnerability
13 March, 2023
Theme
Intrepidity Cross Site Request Forgery (CSRF)
13 March, 2023
Theme
Regina Lite Reflected Cross Site Scripting (XSS)
13 March, 2023
Plugin
Montonio for WooCommerce Server Side Request Forgery (SSRF)
8 March, 2023
Theme
Big Store CrossSite Request Forgery (CSRF) vulnerability
5 March, 2023
Plugin
Wpopal Core Features Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
AMO for WP – Membership Management Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
WooVirtualWallet – A virtual wallet for WooCommerce Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
WooVIP – Membership plugin for WordPress and WooCommerce Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
WooSupply – Suppliers, Supply Orders and Stock Management Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
Theme Minifier Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
Styles Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
WordPress Page Builder – Qards Qards plugin <= 1.0.5 Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
PHPFreeChat Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
Custom Login Admin Front-end CSS end CSS plugin <= 1.4.1 Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
CSS Adder By Agence-Press Press plugin <= 1.5.0 Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
Confirm Data Unauth. ServerSide Request Forgery (SSRF) vulnerability
3 March, 2023
Plugin
AMP Toolbox Server Side Request Forgery (SSRF)
3 March, 2023
Plugin
Admin CSS MU ServerSide Request Forgery (SSRF) vulnerability
3 March, 2023
Plugin
Types Authenticated Arbitrary File Upload Vulnerability
3 March, 2023
Theme
Total Authenticated Arbitrary Plugin Activation
1 March, 2023
Plugin
Wholesale Suite Auth. Broken Access Control vulnerability
27 February, 2023
Theme
Houzez Privilege Escalation
27 February, 2023
Plugin
Zendrop – Global Dropshipping Arbitrary SQL Query Execution Vulnerability
24 February, 2023
Plugin
Zendrop – Global Dropshipping Arbitrary File Upload
24 February, 2023
Plugin
Houzez Login Register Privilege Escalation
23 February, 2023
Plugin
WatchTowerHQ Privilege Escalation
14 February, 2023
Plugin
GamiPress Unauthenticated SQL Injection vulnerability
14 February, 2023
Plugin
GamiPress CSRF Leading to Settings Change Vulnerability
13 February, 2023
Plugin
GamiPress Missing Authorization Leading to Points Manipulation Vulnerability
13 February, 2023
Theme
ColorWay CSRF Leading to Arbitrary Plugin Activation
8 February, 2023
Theme
Magazine Edge Authenticated Arbitrary Plugin Activation
2 February, 2023
Plugin
Spectra Contributor+ reCAPTCHA Settings Change Vulnerability
23 January, 2023
Plugin
Spectra Captcha Bypass Vulnerability
23 January, 2023
Plugin
Spectra Unauthenticated Email HTML Injection Vulnerability
23 January, 2023
Plugin
Spectra Unauthenticated Email Spoofing Vulnerability
23 January, 2023
Theme
Corsa Arbitrary File Upload
23 January, 2023
Theme
Upfrontwp Reflected CrossSite Scripting (XSS) vulnerability
23 January, 2023
Plugin
MainWP Broken Links Checker Extension Unauthenticated SQL Injection Vulnerability
17 January, 2023
Plugin
MainWP Broken Links Checker Extension Subscriber+ Arbitrary Plugin Activation Vulnerability
17 January, 2023
Plugin
MainWP Boilerplate Extension Subscriber+ Plugin Settings Change Vulnerability
17 January, 2023
Plugin
MainWP Boilerplate Extension Subscriber+ Post/Page Deletion Vulnerability
17 January, 2023
Plugin
MainWP Article Uploader Extension Subscriber+ Arbitrary File Deletion Vulnerability
17 January, 2023
Plugin
MainWP Article Uploader Extension Subscriber+ Post/Page Deletion Vulnerability
17 January, 2023
Plugin
MainWP BlogVault Backup Extension Subscriber+ Arbitrary Plugin Installation Vulnerability
17 January, 2023
Plugin
MainWP Favorites Extension Subscriber+ Arbitrary Plugin Installation Vulnerability
17 January, 2023
Plugin
MainWP Favorites Extension Subscriber+ Arbitrary File Deletion Vulnerability
17 January, 2023
Plugin
MainWP White Label Extension Subscriber+ Plugin Settings Change Vulnerability
17 January, 2023
Plugin
MainWP Buddy Extension Subscriber+ Arbitrary Plugin Activation Vulnerability
17 January, 2023
Plugin
MainWP WordPress SEO Extension Subscriber+ Arbitrary Plugin Activation Vulnerability
17 January, 2023
Plugin
MainWP UpdraftPlus Extension Subscriber+ Arbitrary Plugin Activation Vulnerability
17 January, 2023
Plugin
MainWP Staging Extension Subscriber+ Arbitrary Plugin Activation Vulnerability
17 January, 2023
Plugin
MainWP Page Speed Extension Subscriber+ Arbitrary Plugin Activation Vulnerability
17 January, 2023
Plugin
MainWP iThemes Security Extension Subscriber+ Arbitrary Plugin Activation Vulnerability
17 January, 2023
Plugin
MainWP Clone Extension Subscriber+ Plugin Settings Change Vulnerability
17 January, 2023
Plugin
MainWP Code Snippets Extension Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability
17 January, 2023
Plugin
MainWP Code Snippets Extension Subscriber+ Stored CrossSite Scripting Vulnerability
17 January, 2023
Plugin
MainWP Links Manager Extension Unauthenticated PHP Object Injection Vulnerability
17 January, 2023
Plugin
MainWP Code Snippets Extension Subscriber+ Plugin Settings Change Vulnerability
17 January, 2023
Plugin
MainWP Comments Extension Subscriber+ Arbitrary Comment Removal/Trash/Approval/Restoration Vulnerability
17 January, 2023
Plugin
MainWP File Uploader Extension Subscriber+ Arbitrary File Deletion Vulnerability
17 January, 2023
Plugin
MainWP Rocket Extension Subscriber+ Arbitrary Plugin Activation Vulnerability
17 January, 2023
Plugin
MainWP UpdraftPlus Extension Unauthenticated Plugin Settings Change Vulnerability
17 January, 2023
Plugin
MainWP File Uploader Extension Unauthenticated Arbitrary File Upload Vulnerability
17 January, 2023
Plugin
MainWP Google Analytics Extension Subscriber+ Plugin Settings Change Vulnerability
17 January, 2023
Plugin
MainWP Google Analytics Extension Subscriber+ SQL Injection Vulnerability
17 January, 2023
Plugin
MainWP Maintenance Extension Subscriber+ SQL Injection Vulnerability
17 January, 2023
Plugin
MainWP Maintenance Extension Subscriber+ Plugin Settings Change Vulnerability
17 January, 2023
Plugin
MainWP Matomo Extension CSRF Leading To Plugin Settings Change Vulnerability
17 January, 2023
Plugin
MainWP Post Dripper Extension Subscriber+ Post/Page Deletion Vulnerability
17 January, 2023
Plugin
MainWP Post Plus Extension Subscriber+ Post/Page Deletion Vulnerability
17 January, 2023
Plugin
MainWP Rocket Extension Subscriber+ Plugin Settings Change Vulnerability
17 January, 2023
Plugin
MainWP Wordfence Extension Subscriber+ Plugin Settings Change Vulnerability
17 January, 2023
Plugin
MainWP Wordfence Extension Subscriber+ Arbitrary Plugin Activation Vulnerability
17 January, 2023
Plugin
Wp Social Auth. Sensitive Information Disclosure vulnerability
14 December, 2022
Theme
Attorney Unauth. Arbitrary Content Deletion vulnerability
1 December, 2022
Plugin
ARMember Premium Unauth. Privilege Escalation vulnerability
1 December, 2022
Plugin
Wholesale Suite Auth. Stored CrossSite Scripting (XSS) vulnerability
28 November, 2022
Plugin
Smart Slider 3 Auth. PHP Object Injection vulnerability
23 November, 2022
Plugin
Image Map Pro Multiple CrossSite Request Forgery (CSRF) vulnerabilities
23 November, 2022
Plugin
Image Map Pro CrossSite Request Forgery (CSRF) leading to Stored CrossSite Scripting (XSS)
23 November, 2022
Plugin
ShareThis Dashboard for Google Analytics Broken Access Control vulnerability
23 November, 2022
Plugin
YITH WooCommerce Gift Cards Premium Unauth. Arbitrary File Upload vulnerability
22 November, 2022
Theme
Betheme Broken Access Control vulnerability
21 November, 2022
Theme
Betheme Broken Access Control vulnerability
21 November, 2022
Theme
Betheme Broken Access Control vulnerability
21 November, 2022
Theme
Betheme Broken Access Control vulnerability
21 November, 2022
Theme
Betheme Broken Access Control vulnerability
21 November, 2022
Theme
Betheme Auth. Stored CrossSite Scripting (XSS) vulnerability
21 November, 2022
Theme
Betheme Auth. PHP Object Injection vulnerability
17 November, 2022
Plugin
Multilingual CMS CrossSite Request Forgery (CSRF) vulnerability
9 November, 2022
Plugin
Multilingual CMS CrossSite Request Forgery (CSRF) vulnerability
9 November, 2022
Plugin
Multilingual CMS Broken Access Control vulnerability
9 November, 2022
Plugin
Multilingual CMS Broken Access Control vulnerability
9 November, 2022
Plugin
WatchTowerHQ Unauth. Arbitrary File Deletion vulnerability
1 November, 2022
Plugin
WatchTowerHQ Unauth. Arbitrary File Download vulnerability
1 November, 2022
Theme
Soledad Broken Access Control vulnerability
1 November, 2022
Theme
Soledad Auth. CrossSite Scripting (XSS) vulnerability
30 October, 2022
Plugin
Api2Cart Bridge Connector Arbitrary File Upload vulnerability
28 October, 2022
Plugin
Api2Cart Bridge Connector Arbitrary Code Execution vulnerability
28 October, 2022
Plugin
SearchWP Broken Authentication vulnerability
24 October, 2022
Theme
Avada CrossSite Request Forgery (CSRF) vulnerability
20 October, 2022
Plugin
Shortcodes Ultimate CSRF vulnerability leading to Stored XSS
13 October, 2022
Plugin
ALD - AliExpress Dropshipping and Fulfillment for WooCommerce Sensitive Data Exposure vulnerability
12 October, 2022
Plugin
Shortcodes Ultimate CrossSite Request Forgery (CSRF) vulnerability
2 October, 2022
Plugin
Beaver Builder Broken Access Control vulnerability
20 July, 2022
Plugin
Breeze Plugin Settings Change leading to CrossSite Scripting (XSS) vulnerability
2 May, 2022
Plugin
Responsive Menu Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability
16 March, 2022
Plugin
Rearrange Woocommerce Products SQL Injection (SQLi) vulnerability
15 March, 2022
Plugin
Perfect Brands for WooCommerce Set Featured Brand vulnerability
28 January, 2022
Plugin
Perfect Brands for WooCommerce Server Information Exposure vulnerability
28 January, 2022
Plugin
Hide My WP Unauthenticated SQL injection (SQLi) vulnerability
24 November, 2021
Plugin
Hide My WP Unauthenticated Plugin Deactivation vulnerability
24 November, 2021
Plugin
WP Reset Authenticated Database Reset vulnerability
10 November, 2021
Plugin
WP Reset CrossSite Request Forgery (CSRF) vulnerability leading to Database Reset
10 November, 2021
Plugin
Popup Builder Authenticated Local File Inclusion (LFI) vulnerability
28 January, 2021
Plugin
Popup Builder Authenticated Deleting/Importing Subscribers vulnerability
28 January, 2021
Plugin
Popup Builder Authenticated Newsletter Send With Custom Content And Sender vulnerability
28 January, 2021
Plugin
ThemeGrill Demo Importer Bypass and Database Wipe vulnerability
8 December, 2020
Plugin
Discount Rules for WooCommerce Multiple (XSS, SQLi) Vulnerabilities
20 August, 2020
Plugin
MailerLite – Signup forms Unauthenticated SQL Injection (SQLi) vulnerability
25 May, 2020
Plugin
MailerLite – Signup forms Multiple CrossSite Request Forgery (CSRF) vulnerabilities
25 May, 2020
Plugin
WPvivid Backup and Migration Missing Authorization vulnerability leading to Database Leak
28 February, 2020
Plugin
wpCentral Privilege escalation vulnerability
24 January, 2020
Plugin
InfiniteWP Client Authentication Bypass vulnerability
8 January, 2020
Plugin
Backup and Staging by WP Time Capsule Authentication Bypass vulnerability
8 January, 2020
Plugin
Theme Editor Multiple vulnerabilities
30 September, 2019
Plugin
File Manager Multiple Vulnerabilities
10 July, 2019