WPScan Vulnerability Database

Cataloging 16782 WordPress Core, Plugin and Theme vulnerabilities

Latest WordPress Vulnerabilities


2019-10-14 WordPress <= 5.2.3 - Admin Referrer Validation
2019-10-14 WordPress <= 5.2.3 - JSON Request Cache Poisoning
2019-10-14 WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
2019-10-14 WordPress <= 5.2.3 - Stored XSS in Customizer
2019-10-14 WordPress <= 5.2.3 - Stored XSS in Style Tags
2019-10-14 WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
2019-09-05 WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation

Latest Plugin Vulnerabilities


2019-10-16 All In One SEO Pack < 3.2.7 - Stored Cross-Site Scripting (XSS)
2019-10-16 EU Cookie Law <= 3.0.6 - Stored XSS
2019-10-16 Events Manager < 5.9.6 - Stored XSS
2019-10-16 Fast Velocity Minify < 2.7.7 - Full Path Disclosure
2019-10-15 Broken Link Checker <= 1.11.8 - Authenticated Reflected Cross-Site Scripting ...
2019-10-15 Zoho CRM Lead Magnet Plugin - Authenticated Cross Site Scripting (XSS)
2019-10-14 Lara Google Analytics <= 2.0.4 - Authenticated Stored XSS

Latest Theme Vulnerabilities


2019-10-09 SoundPress <= 2.2.6 - Cross-Site Scripting (XSS)
2019-09-08 Nexos - Real Estate <= 1.6 - SQL Injection & Persistent XSS
2019-09-08 Reality | Estate Multipurpose <= 2.3.0 - Multiple Persistent XSS
2019-09-08 Selio - Real Estate Directory <= 1.1 - SQL Injection & Persistent XSS
2019-07-29 Real Estate 7 <= 2.9.0 - Stored XSS & IDOR
2019-07-05 Zoner - Real Estate <= 4.1 - Reflected & Stored XSS
2019-05-05 Traveler - Travel Booking WordPress Theme 2.7.1 - Reflected & Stored XSS

Most Viewed Vulnerabilities


2018-09-04 Contact Form 7 <= 5.0.3 - register_post_type() Privilege Escalation
2019-03-13 WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
2014-08-01 Contact Form 7 <= 3.7.1 - CAPTCHA Bypass
2014-11-25 WordPress <= 4.0 - CSRF in wp-login.php Password Reset
2018-06-27 WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
2018-12-13 WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
2018-12-13 WordPress <= 5.0 - PHP Object Injection via Meta Data