WPScan Vulnerability Database

Cataloging 18236 WordPress Core Vulnerabilities, Plugin Vulnerabilities and Theme Vulnerabilities

Latest WordPress Vulnerabilities


2019-12-13 WordPress <= 5.3 - Improper Access Controls in REST API
2019-12-13 WordPress <= 5.3 - Stored XSS via Block Editor Content
2019-12-13 WordPress <= 5.3 - Stored XSS via Crafted Links
2019-12-13 WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
2019-10-14 WordPress <= 5.2.3 - Admin Referrer Validation
2019-10-14 WordPress <= 5.2.3 - JSON Request Cache Poisoning
2019-10-14 WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation

Latest Plugin Vulnerabilities


2020-02-18 Easy Property Listings < 3.4 - Cross-Site Request Forgery (CSRF)
2020-02-17 wpCentral < 1.5.1 - Improper Access Control to Privilege Escalation
2020-02-16 Popup Builder < 3.0 - SQL injection via PHP Deserialization
2020-02-16 ThemeGrill Demo Importer < 1.6.2 - Auth Bypass & Database Wipe
2020-02-12 GDPR Cookie Consent < 1.8.3 - Improper Access Controls
2020-02-10 Participants Database < 1.9.5.6 - Authenticated Time Based SQL Injection
2020-02-10 Profile Builder and Profile Builder Pro < 3.1.1 - User Registration With Admi...

Latest Theme Vulnerabilities


2020-01-27 CarSpot < 2.2.1 - Multiple Vulnerabilities
2020-01-16 Reality <= 2.5.1 - Unauthenticated Reflected XSS
2020-01-15 ListingPro < 2.5.4 - Unauthenticated Reflected XSS
2020-01-14 Real Estate 7 < 2.9.5 - Multiple Vulnerabilities
2020-01-13 Travel Booking < 2.7.8.6 - Reflected & Persistent XSS Issues
2020-01-11 Houzez < 1.8.4 - Unauthenticated Cross-Site Scripting (XSS)
2020-01-10 EasyBook < 1.2.2 - Multiple Vulnerabilities

Most Viewed Vulnerabilities


2019-12-12 Ultimate Addons for Elementor <= 1.20.0 - Authentication Bypass
2019-11-26 WP Spell Check <= 7.1.9 - Cross-Site Request Forgery (CSRF)
2019-12-02 Mesmerize & Materialis Themes - Authenticated Options Update
2019-12-02 CSS Hero <= 4.03 - Authenticated Reflected XSS
2019-12-13 WordPress <= 5.3 - Improper Access Controls in REST API
2019-12-10 Scoutnet Kalender <= 1.1.0 - Stored Cross-Site Scripting (XSS)
2019-12-13 WordPress <= 5.3 - Stored XSS via Crafted Links