WPScan Vulnerability Database

Cataloging 21640 WordPress Core Vulnerabilities, Plugin Vulnerabilities and Theme vulnerabilities.

Latest WordPress Vulnerabilities


2020-06-11 WordPress < 5.4.2 - Authenticated XSS via Media Files
2020-06-11 WordPress < 5.4.2 - Authenticated XSS via Theme Upload
2020-06-11 WordPress < 5.4.2 - Disclosure of Password-Protected Page/Post Comments
2020-06-11 WordPress < 5.4.2 - Misuse of set-screen-option Leading to Privilege Escalation
2020-06-11 WordPress < 5.4.2 - Open Redirection
2020-06-10 WordPress < 5.4.2 - Authenticated XSS in Block Editor
2020-04-29 WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Customizer

Latest Plugin Vulnerabilities


2020-07-05 JobSearch < 1.5.2 - Multiple Cross-Site Scripting Issues
2020-07-03 Testimonials Widget <= 3.5.1 - Multiple Authenticated Stored (XSS)
2020-07-02 Payment Form For Paypal Pro < 1.1.65 - Unauthenticated SQL Injection
2020-07-01 WPForms < 1.6.0.2 - Authenticated Stored Cross-Site Scripting (XSS)
2020-06-28 ACF to REST API < 3.3.0 - Unauthenticated Arbitrary wp_options Disclosure
2020-06-25 Coming Soon Page, Under Construction & Maintenance Mode by SeedProd < 5.1.2 -...
2020-06-23 WooCommerce < 4.2.1 - Potential Cross-Site Scripting (XSS) via SelectWoo

Latest Theme Vulnerabilities


2020-07-05 Careerfy < 4.0.0 - Multiple Cross-Site Scripting (XSS) Issues
2020-07-03 CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting
2020-06-28 Nexos - Real Estate < 1.8 - Unauthenticated Reflected XSS & SQL Injection
2020-06-19 CityBook < 2.4.4 - Unauthenticated Reflected XSS
2020-06-19 TownHub < 1.3.0 - Unauthenticated Reflected XSS
2020-06-19 Travel Booking < 2.8.2 - Unauthenticated Reflected XSS
2020-06-03 Careerfy < 3.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Most Viewed Vulnerabilities


2019-12-12 Ultimate Addons for Elementor < 1.20.1 - Authentication Bypass
2019-11-26 WP Spell Check < 7.1.10 - Cross-Site Request Forgery (CSRF)
2019-12-02 Mesmerize & Materialis Themes - Authenticated Options Update
2019-12-13 WordPress <= 5.3 - Authenticated Improper Access Controls in REST API
2019-12-02 CSS Hero < 4.07 - Authenticated Reflected XSS
2019-12-13 WordPress <= 5.3 - Authenticated Stored XSS via Crafted Links
2019-12-10 Scoutnet Kalender <= 1.1.0 - Stored Cross-Site Scripting (XSS)

The WordPress vulnerability data from this website is used within our:

WordPress Security Scanner - Online WordPress Security Scanner - WordPress Security Plugin