WPScan Vulnerability Database

Cataloging 18340 WordPress Core Vulnerabilities, Plugin Vulnerabilities and Theme Vulnerabilities

Latest WordPress Vulnerabilities


2019-12-13 WordPress <= 5.3 - Improper Access Controls in REST API
2019-12-13 WordPress <= 5.3 - Stored XSS via Block Editor Content
2019-12-13 WordPress <= 5.3 - Stored XSS via Crafted Links
2019-12-13 WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
2019-10-14 WordPress <= 5.2.3 - Admin Referrer Validation
2019-10-14 WordPress <= 5.2.3 - JSON Request Cache Poisoning
2019-10-14 WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation

Latest Plugin Vulnerabilities


2020-04-03 WP Last Modified Info < 1.6.6 - Authenticated Stored XSS
2020-04-02 Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload
2020-04-02 Contact Form 7 Datepicker <= 2.6.0 - Authenticated Stored Cross-Site Scriptin...
2020-04-02 WP Advanced Search <= 3.3.5 - Unauthenticated SQL Injection
2020-04-01 LearnDash < 3.1.6 - Unauthenticated SQL Injection
2020-04-01 Login by Auth0 < 4.0.0 - Multiple Vulnerabilities
2020-03-31 Elementor Page Builder < 2.9.6 - Authenticated Safe Mode Privilege Escalation

Latest Theme Vulnerabilities


2020-04-03 OneTone <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS)
2020-03-13 Fruitful < 3.8.2 - Authenticated Stored XSS & Theme Options Deletion
2020-02-17 Fruitful Theme < 3.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2020-01-27 CarSpot < 2.2.3 - Multiple Vulnerabilities
2020-01-16 Reality <= 2.5.1 - Unauthenticated Reflected XSS
2020-01-15 ListingPro < 2.5.4 - Unauthenticated Reflected XSS
2020-01-14 Real Estate 7 < 2.9.5 - Multiple Vulnerabilities

Most Viewed Vulnerabilities


2019-12-12 Ultimate Addons for Elementor < 1.20.1 - Authentication Bypass
2019-11-26 WP Spell Check < 7.1.10 - Cross-Site Request Forgery (CSRF)
2019-12-02 Mesmerize & Materialis Themes - Authenticated Options Update
2019-12-02 CSS Hero < 4.07 - Authenticated Reflected XSS
2019-12-13 WordPress <= 5.3 - Improper Access Controls in REST API
2019-12-13 WordPress <= 5.3 - Stored XSS via Crafted Links
2019-12-10 Scoutnet Kalender <= 1.1.0 - Stored Cross-Site Scripting (XSS)