WPScan Vulnerability Database

Cataloging 18191 WordPress Core Vulnerabilities, Plugin Vulnerabilities and Theme vulnerabilities

Latest WordPress Vulnerabilities


2019-12-13 WordPress <= 5.3 - Improper Access Controls in REST API
2019-12-13 WordPress <= 5.3 - Stored XSS via Block Editor Content
2019-12-13 WordPress <= 5.3 - Stored XSS via Crafted Links
2019-12-13 WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
2019-10-14 WordPress <= 5.2.3 - Admin Referrer Validation
2019-10-14 WordPress <= 5.2.3 - JSON Request Cache Poisoning
2019-10-14 WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation

Latest Plugin Vulnerabilities


2020-01-16 Chained Quiz < 1.1.8.2 - Reflected XSS
2020-01-16 Resim Ara <= 3.0 - Unauthenticated Reflected XSS
2020-01-16 WP Database Reset < 3.15 - Privilege Escalation
2020-01-16 WP Database Reset < 3.15 - Unauthenticated Database Reset
2020-01-15 LearnDash < 3.1.2 - Reflected Cross Site Scripting (XSS) issue on the [ld_pro...
2020-01-14 Backup and Staging by WP Time Capsule < 1.21.16 - Authentication Bypass
2020-01-14 InfiniteWP Client < 1.9.4.5 - Authentication Bypass

Latest Theme Vulnerabilities


2020-01-15 ListingPro < 2.5.4 - Unauthenticated Reflected XSS
2020-01-14 Real Estate 7 < 2.9.5 - Multiple Vulnerabilities
2020-01-13 Travel Booking < 2.7.8.6 - Reflected & Persistent XSS Issues
2020-01-10 EasyBook < 1.2.2 - Multiple Vulnerabilities
2020-01-09 CityBook < 2.3.4 - Multiple Vulnerabilities
2020-01-09 TownHub < 1.0.6 - Multiple Vulnerabilities
2020-01-02 ElegantThemes (divi, extra, divi-builder < 4.0.10) - Authenticated Code Injec...

Most Viewed Vulnerabilities


2019-12-12 Ultimate Addons for Elementor <= 1.20.0 - Authentication Bypass
2019-11-26 WP Spell Check <= 7.1.9 - Cross-Site Request Forgery (CSRF)
2019-12-02 Mesmerize & Materialis Themes - Authenticated Options Update
2019-12-02 CSS Hero <= 4.03 - Authenticated Reflected XSS
2019-12-13 WordPress <= 5.3 - Improper Access Controls in REST API
2019-12-10 Scoutnet Kalender <= 1.1.0 - Stored Cross-Site Scripting (XSS)
2019-12-12 Ultimate Addons for Beaver Builder <= 1.24.0 - Authentication Bypass