WPScan Vulnerability Database

Cataloging 17824 WordPress Core Vulnerabilities, Plugin Vulnerabilities and Theme vulnerabilities

Latest WordPress Vulnerabilities


2019-12-13 WordPress <= 5.3 - Improper Access Controls
2019-12-13 WordPress <= 5.3 - Stored XSS via Block Editor Content
2019-12-13 WordPress <= 5.3 - Stored XSS via Crafted Links
2019-10-14 WordPress <= 5.2.3 - Admin Referrer Validation
2019-10-14 WordPress <= 5.2.3 - JSON Request Cache Poisoning
2019-10-14 WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
2019-10-14 WordPress <= 5.2.3 - Stored XSS in Customizer

Latest Plugin Vulnerabilities


2019-12-12 Ultimate Addons for Beaver Builder <= 1.24.0 - Authentication Bypass
2019-12-12 Ultimate Addons for Elementor <= 1.20.0 - Authentication Bypass
2019-12-10 Scoutnet Kalender <= 1.1.0 - Stored Cross-Site Scripting (XSS)
2019-12-02 CSS Hero <= 4.03 - Authenticated Reflected XSS
2019-11-26 WP Spell Check <= 7.1.9 - Cross-Site Request Forgery (CSRF)
2019-11-19 Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code
2019-11-19 WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scr...

Latest Theme Vulnerabilities


2019-12-02 Mesmerize & Materialis Themes - Authenticated Options Update
2019-12-02 Superlist <= 2.9.2 - Stored Cross-Site Scripting (XSS)
2019-11-29 ListingPro <= 2.0.14.2 - Reflected & Persistent XSS
2019-10-21 Bridge Theme <= 18.2 - Open Redirect
2019-10-09 SoundPress <= 2.2.6 - Cross-Site Scripting (XSS)
2019-09-27 Zoner <= 4.1.1 - Persistent XSS & IDOR
2019-09-16 InJob <= 3.3.7 - Reflected & Persistent XSS

Most Viewed Vulnerabilities


2019-12-12 Ultimate Addons for Elementor <= 1.20.0 - Authentication Bypass
2019-11-26 WP Spell Check <= 7.1.9 - Cross-Site Request Forgery (CSRF)
2018-09-04 Contact Form 7 <= 5.0.3 - register_post_type() Privilege Escalation
2019-11-19 Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code
2019-09-05 WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
2014-08-01 Contact Form 7 <= 3.7.1 - CAPTCHA Bypass
2019-12-02 Mesmerize & Materialis Themes - Authenticated Options Update