WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
background-music 2014-08-01 background-music 1.0 - jPlayer.swf XSS
backup 2016-02-17 Backup Guard <= 1.0.2 - Arbitrary File Upload
backupbuddy 2014-08-01 Backupbuddy - importbuddy.php Direct Request Remote Backu...
backupbuddy 2014-08-01 Backupbuddy - importbuddy.php step Parameter Manipulation...
backupbuddy 2014-08-01 Backupbuddy - importbuddy.php step Parameter Remote PHP I...
backupbuddy 2014-08-01 Backupbuddy - importbuddy.php Restore Operation Persisten...
backupwordpress 2014-08-01 BackUp <= 0.4.2b - RFI
backwpup 2014-08-01 BackWPUp 2.1.4 - Code Execution
backwpup 2014-08-01 plugin BackWPup 1.5.2, 1.6.1, 1.7.1 - Remote & Local Code...
backwpup 2014-08-01 BackWPup 3.0.12 - wp-admin/admin.php tab Parameter XSS
bad-behavior 2014-08-01 Bad Behavior <= 2.2.4 - Cross-Site Scripting (XSS)
banner-effect-header 2015-01-12 Banner Effect Header 1.2.6 - XSS & CSRF
banner-effect-header 2015-01-30 Banner Effect Header <= 1.2.7 - Cross-Site Scripting (XSS)
bannerman 2014-08-01 BannerMan 0.2.4 - XSS in wp-admin/options-general.php via...
barclaycart 2014-08-01 Barclaycart - Shell Upload
basic-google-maps-placemarks 2014-08-01 Basic Google Maps Placemarks 1.10.2 - settings.php Multip...
bbpress 2014-08-01 bbPress - Multiple Script Malformed Input Path Disclosure
bbpress 2014-08-01 bbPress - forum.php page Parameter SQL Injection
bbpress 2016-05-03 bbPress <= 2.5.8 - Stored Cross-Site Scripting (XSS)
bbpress 2016-07-14 bbPress <= 2.5.9 - Display Name & Avatar Potential Cross-...
bbs-e-franchise 2016-12-06 BBS e-Franchise 1.1.1 - Unauthenticated SQL Injection
beer-recipes 2014-08-01 Beer Recipes 1.0 - XSS
better-search 2014-08-01 Better Search 1.2.1 - admin.inc.php Setting Manipulation ...
better-search 2014-12-16 Better Search <= 1.3.4 - Reflective XSS
better-wp-security 2014-08-01 Better WP Security 3.6.3 - Online Backup Storage current_...
better-wp-security 2014-08-01 Better WP Security 3.6.3 - /wp-admin/admin-ajax.php licen...
better-wp-security 2014-08-01 Better WP Security 3.5.5 - inc/admin/content.php id_speci...
better-wp-security 2014-08-01 Better WP Security <= 3.5.3 - inc/secure.php logevent Fun...
better-wp-security 2014-08-01 Better WP Security 3.4.3 - Multiple XSS
better-wp-security 2014-08-01 Better WP Security <= 3.2.4 - Cross-Site Scripting (XSS)
better-wp-security 2015-04-15 iThemes Security 3.0-4.6.12 – Stored Cross-Site Scriptin...
better-wp-security 2016-04-05 iThemes Security <= 5.3.4 - Potential Authenticated DOM C...
better-wp-security 2016-04-22 iThemes Security <= 5.3.0 - Insecure Backup/Logfile Gener...
better-wp-security 2016-04-25 iThemes Security <= 5.3.5 - Lack of Capability Check
better-wp-security 2016-10-06 iThemes Security <= 5.6.1 - Unauthenticated Stored Cross-...
bib2html 2014-08-01 bib2html 0.9.3 - /OSBiB/create/index.php styleShortName P...
bigcontact 2014-08-01 bigcontact - SQLI
bird-feeder 2014-12-17 Bird Feeder <= 1.2.3 - CSRF & XSS
bj-lazy-load 2015-09-02 BJ Lazy Load <= 0.7.5 - Remote File Inclusion (Timthumb)
blaze-slide-show-for-wordpress 2014-08-01 SWFUpload - Cross-Site Scripting (XSS)
blaze-slide-show-for-wordpress 2014-08-01 Blaze Slideshow 2.1 - Unspecified Security
blogstand-smart-banner 2014-08-01 Blogst& Smart Banner 1.0 - blogst&-banner.php bs_blog_id ...
blogvault-real-time-backup 2014-08-01 blogVault 1.08 - Missing Account Empty Secret Key Generation
blogvault-real-time-backup 2014-08-01 blogVault 1.05 - admin.php blogVault Key Setting CSRF
bloom 2016-02-18 ElegantThemes - Privilege Escalation
blue-wrench-videos-widget 2014-08-01 Blue Wrench Video Widget 1.0.2 - Multiple Stored Cross-Si...
bonuspressx 2014-08-01 Bonuspressx - ar_submit.php n Parameter XSS
booking 2014-08-01 Booking Calendar <= 4.1.5 - Cross-Site Request Forgery (C...
booking 2016-08-01 Booking Calendar <= 6.2 - Reflected Cross-Site Scripting ...
booking 2016-08-01 Booking Calendar <= 6.2 - SQL Injection
booking-calendar-contact-form 2015-05-13 Booking Calendar Contact Form <= 1.0.2 - Multiple Authent...
booking-system 2014-08-01 Booking System - Reflected Cross-Site Scripting (XSS)
booking-system 2014-08-01 Booking System <= 1.2 - SQL Injection
booking-system 2015-11-24 Pinpoint Booking System <= 2.0 - Authenticated Blind SQL ...
bookings 2014-08-01 Bookings <= 1.8.2 - controlpanel.php error Parameter XSS
bookmarkify 2015-08-10 Bookmarkify <= 2.9.2 - Cross-Site Scripting (XSS) & CSRF