WPScan Vulnerability Database

Cataloging 16853 WordPress Core, Plugin and Theme vulnerabilities

Latest WordPress Vulnerabilities


2019-10-14 WordPress <= 5.2.3 - Admin Referrer Validation
2019-10-14 WordPress <= 5.2.3 - JSON Request Cache Poisoning
2019-10-14 WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
2019-10-14 WordPress <= 5.2.3 - Stored XSS in Customizer
2019-10-14 WordPress <= 5.2.3 - Stored XSS in Style Tags
2019-10-14 WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
2019-09-05 WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation

Latest Plugin Vulnerabilities


2019-11-14 Blog2Social < 5.9.0 - Cross-Site Scripting Issue
2019-11-13 Email Subscribers & Newsletters < 4.2.3 - Multiple Issues
2019-11-13 Email Subscribers & Newsletters < 4.3.1 - Blind SQL Injection
2019-11-13 Social Photo Gallery <= 1.0 - Remote Code Execution
2019-11-12 Anti-Spam by CleanTalk < 5.127.4 - Cross-Site Scripting Issue
2019-11-10 IgniteUp < 3.4.1 - Multiple Issues
2019-11-08 Safe SVG < 1.9.6 - XSS Protection Bypass

Latest Theme Vulnerabilities


2019-10-21 Bridge Theme <= 18.2 - Open Redirect
2019-10-09 SoundPress <= 2.2.6 - Cross-Site Scripting (XSS)
2019-09-27 Zoner <= 4.1.1 - Persistent XSS & IDOR
2019-09-16 InJob <= 3.3.7 - Reflected & Persistent XSS
2019-09-08 Nexos - Real Estate <= 1.6 - SQL Injection & Persistent XSS
2019-09-08 Reality | Estate Multipurpose <= 2.3.0 - Multiple Persistent XSS
2019-09-08 Selio - Real Estate Directory <= 1.1 - SQL Injection & Persistent XSS

Most Viewed Vulnerabilities


2018-09-04 Contact Form 7 <= 5.0.3 - register_post_type() Privilege Escalation
2014-08-01 Contact Form 7 <= 3.7.1 - CAPTCHA Bypass
2019-03-13 WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
2014-11-25 WordPress <= 4.0 - CSRF in wp-login.php Password Reset
2019-09-05 WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
2018-12-13 WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
2018-06-27 WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion