WPScan Vulnerability Database

Cataloging 18330 WordPress Core Vulnerabilities, Plugin Vulnerabilities and Theme Vulnerabilities

Latest WordPress Vulnerabilities


2019-12-13 WordPress <= 5.3 - Improper Access Controls in REST API
2019-12-13 WordPress <= 5.3 - Stored XSS via Block Editor Content
2019-12-13 WordPress <= 5.3 - Stored XSS via Crafted Links
2019-12-13 WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
2019-10-14 WordPress <= 5.2.3 - Admin Referrer Validation
2019-10-14 WordPress <= 5.2.3 - JSON Request Cache Poisoning
2019-10-14 WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation

Latest Plugin Vulnerabilities


2020-03-31 Elementor Page Builder < 2.9.6 - Authenticated Safe Mode Privilege Escalation
2020-03-31 LifterLMS < 3.37.15 - Arbitrary File Writing
2020-03-31 WordPress SEO Plugin - Rank Math < 1.0.41 - Privilege Escalation via Unprotec...
2020-03-31 WordPress SEO Plugin - Rank Math < 1.0.41 - Redirect Creation via Unprotected...
2020-03-27 CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS
2020-03-26 IMPress for IDX Broker < 2.6.2 - Authenticated Post Creation, Modification, a...
2020-03-26 IMPress for IDX Broker < 2.6.2 - Authenticated Stored Cross-Site Scripting (X...

Latest Theme Vulnerabilities


2020-03-13 Fruitful < 3.8.2 - Authenticated Stored XSS & Theme Options Deletion
2020-02-17 Fruitful Theme < 3.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2020-01-27 CarSpot < 2.2.3 - Multiple Vulnerabilities
2020-01-16 Reality <= 2.5.1 - Unauthenticated Reflected XSS
2020-01-15 ListingPro < 2.5.4 - Unauthenticated Reflected XSS
2020-01-14 Real Estate 7 < 2.9.5 - Multiple Vulnerabilities
2020-01-13 Travel Booking < 2.7.8.6 - Reflected & Persistent XSS Issues

Most Viewed Vulnerabilities


2019-12-12 Ultimate Addons for Elementor < 1.20.1 - Authentication Bypass
2019-11-26 WP Spell Check < 7.1.10 - Cross-Site Request Forgery (CSRF)
2019-12-02 Mesmerize & Materialis Themes - Authenticated Options Update
2019-12-02 CSS Hero < 4.07 - Authenticated Reflected XSS
2019-12-13 WordPress <= 5.3 - Improper Access Controls in REST API
2019-12-13 WordPress <= 5.3 - Stored XSS via Crafted Links
2019-12-10 Scoutnet Kalender <= 1.1.0 - Stored Cross-Site Scripting (XSS)