WPScan Vulnerability Database

Cataloging 20109 WordPress Core Vulnerabilities, Plugin Vulnerabilities and Theme Vulnerabilities.

Latest WordPress Vulnerabilities


2020-04-29 WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Customizer
2020-04-29 WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads
2020-04-29 WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Search Block
2020-04-29 WordPress < 5.4.1 - Cross-Site Scripting (XSS) in wp-object-cache
2020-04-29 WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated
2020-04-29 WordPress < 5.4.1 - Unauthenticated Users View Private Posts
2019-12-13 WordPress <= 5.3 - Authenticated Improper Access Controls in REST API

Latest Plugin Vulnerabilities


2020-06-05 Elementor Page Builder < 2.9.10 - Authenticated Stored XSS
2020-06-03 AdRotate < 5.8.4 - Authenticated SQL Injection
2020-06-03 JobSearch < 1.5.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2020-05-29 Multi Scheduler <= 1.0.0 - Arbitrary Record Deletion via CSRF
2020-05-28 bbPress < 2.6.5 - Authenticated Stored Cross-Site Scripting via the forums li...
2020-05-28 bbPress < 2.6.5 - Unauthenticated Privilege Escalation when New User Registra...
2020-05-28 bbPress 2.6-2.6.5 - Authenticated Privilege Escalation via the Super Moderato...

Latest Theme Vulnerabilities


2020-06-03 Careerfy < 3.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2020-06-03 Newspaper < 10.3.4 - Authenticated Reflected Cross-Site Scripting
2020-05-01 Avada < 6.2.3 - Missing Permission Checks leading to Arbitrary Post Creation,...
2020-04-03 OneTone <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS)
2020-03-13 Fruitful < 3.8.2 - Authenticated Stored XSS & Theme Options Deletion
2020-02-17 Fruitful Theme < 3.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2020-01-27 CarSpot < 2.2.3 - Multiple Vulnerabilities

Most Viewed Vulnerabilities


2019-12-12 Ultimate Addons for Elementor < 1.20.1 - Authentication Bypass
2019-11-26 WP Spell Check < 7.1.10 - Cross-Site Request Forgery (CSRF)
2019-12-02 Mesmerize & Materialis Themes - Authenticated Options Update
2019-12-13 WordPress <= 5.3 - Authenticated Improper Access Controls in REST API
2019-12-02 CSS Hero < 4.07 - Authenticated Reflected XSS
2019-12-13 WordPress <= 5.3 - Authenticated Stored XSS via Crafted Links
2019-12-10 Scoutnet Kalender <= 1.1.0 - Stored Cross-Site Scripting (XSS)

The WordPress vulnerability data from this website is used within our:

WordPress Security Scanner - Online WordPress Security Scanner - WordPress Security Plugin