WPScan Vulnerability Database

Cataloging 18207 WordPress Core Vulnerabilities, Plugin Vulnerabilities and Theme Vulnerabilities

Latest WordPress Vulnerabilities


2019-12-13 WordPress <= 5.3 - Improper Access Controls in REST API
2019-12-13 WordPress <= 5.3 - Stored XSS via Block Editor Content
2019-12-13 WordPress <= 5.3 - Stored XSS via Crafted Links
2019-12-13 WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
2019-10-14 WordPress <= 5.2.3 - Admin Referrer Validation
2019-10-14 WordPress <= 5.2.3 - JSON Request Cache Poisoning
2019-10-14 WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation

Latest Plugin Vulnerabilities


2020-01-27 WPS Hide Login < 1.5.5 - Secret Login Page Disclosure
2020-01-24 WP DS FAQ Plus < 1.4.2 - Stored Cross-Site Scripting (XSS)
2020-01-24 wpCentral < 1.4.8 - Privilege Escalation
2020-01-22 Calculated Fields Form < 1.0.354 - Authenticated Stored XSS
2020-01-22 Contact Form Clean and Simple <= 4.7.0 - Authenticated Stored XSS
2020-01-21 AccessAlly < 3.3.2 - Arbitrary PHP Execution
2020-01-21 Chatbot with IBM Watson < 0.8.21 - DOM Cross-Site Scripting

Latest Theme Vulnerabilities


2020-01-27 CarSpot < 2.2.1 - Multiple Vulnerabilities
2020-01-15 ListingPro < 2.5.4 - Unauthenticated Reflected XSS
2020-01-14 Real Estate 7 < 2.9.5 - Multiple Vulnerabilities
2020-01-13 Travel Booking < 2.7.8.6 - Reflected & Persistent XSS Issues
2020-01-10 EasyBook < 1.2.2 - Multiple Vulnerabilities
2020-01-09 CityBook < 2.3.4 - Multiple Vulnerabilities
2020-01-09 TownHub < 1.0.6 - Multiple Vulnerabilities

Most Viewed Vulnerabilities


2019-12-12 Ultimate Addons for Elementor <= 1.20.0 - Authentication Bypass
2019-11-26 WP Spell Check <= 7.1.9 - Cross-Site Request Forgery (CSRF)
2019-12-02 Mesmerize & Materialis Themes - Authenticated Options Update
2019-12-02 CSS Hero <= 4.03 - Authenticated Reflected XSS
2019-12-13 WordPress <= 5.3 - Improper Access Controls in REST API
2019-12-10 Scoutnet Kalender <= 1.1.0 - Stored Cross-Site Scripting (XSS)
2019-12-13 WordPress <= 5.3 - Stored XSS via Crafted Links