WPScan Vulnerability Database
Cataloging 4223 WordPress Core, Plugin and Theme vulnerabilities
Latest WordPress Vulnerabilities
2016-02-02 WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
2016-02-02 WordPress 3.7-4.4.1 - Open Redirect
2016-01-06 WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
2015-09-15 WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
2015-09-15 WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
2015-09-15 WordPress <= 4.3 - Publish Post and Mark as Sticky Permission Issue
2015-08-05 WordPress <= 4.2.3 - Timing Side Channel Attack
Latest Plugin Vulnerabilities
2016-01-03 Simple Ads Manager <= 2.9.4.116 - SQL Injection
2016-02-25 User Submitted Posts <= 20151113 - Persistent Cross-Site Scripting (XSS)
2016-02-24 Import Woocommerce <= 1.0.1 - Reflected Cross-Site Scripting (XSS)
2016-02-23 CSV Import 1.0 - Reflected Cross-Site Scripting (XSS)
2016-02-23 WP Advanced Importer Plugin <= 2.1.1 - Reflected Cross-Site Scripting (XSS)
2016-02-18 ElegantThemes - Privilege Escalation
2016-02-16 ALO EasyMail Newsletter <= 2.6.01 - Cross-Site Request Forgery (CSRF)
Latest Theme Vulnerabilities
2016-02-18 ElegantThemes - Privilege Escalation
2015-08-03 Builder Theme <= 1.4.0 - PrettyPhoto DOM Cross-Site Scripting (XSS)
2015-06-26 Multiple Themes - Privilege Escalation
2015-06-18 Salem Theme <= 1.5.5 - PrettyPhoto DOM Cross-Site Scripting (XSS)
2015-06-16 Salient Theme <= 4.9 - DOM Cross-Site Scripting (XSS)
2015-09-08 uDesign Theme 1.8.0-2.7.9 - DOM Cross-Site Scripting (XSS)
2015-05-27 ThemeMakers Themes - Information Disclosure
Most Viewed Vulnerabilities
2014-11-25 WordPress <= 4.0 - CSRF in wp-login.php Password Reset
2015-06-11 WordPress 4.1 - 4.1.1 - Arbitrary File Upload
2015-03-11 WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection
2015-09-15 WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
2015-08-04 WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
2014-11-30 WordPress <= 4.0 - Server Side Request Forgery (SSRF)
2014-11-20 WordPress <= 4.0 - Long Password Denial of Service (DoS)