WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
cac-featured-content 2014-08-01 CAC Featured Content 0.8 - Shell Upload
calculated-fields-form 2015-03-02 Calculated Fields Form <= 1.0.10 - SQL Injection via CSRF
caldera-forms 2016-11-08 Caldera Forms <= 1.3.5.3 - Cross Site Scripting
caldera-forms 2017-10-30 Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripti...
caldera-forms 2018-04-26 Caldera Forms <= 1.5.9.1 - Multiple Cross-Site Scripting ...
caldera-forms-pro 2019-03-11 Caldera Forms Pro <= 1.8.1 - Unauthenticated Arbitrary Fi...
calendar 2014-08-01 Calendar <= 1.3.2 - Entry Addition Cross-Site Request For...
calendar 2016-11-08 Calendar <= 1.3.7 - Cross-Site Scripting (XSS)
calendar 2018-11-02 Calendar <= 1.3.10 - Authenticated Stored Cross-Site Scr...
camptix 2019-07-18 CampTix Event Ticketing <= 1.5.0 - CSV Injection Bypasses...
camptix 2019-07-18 CampTix Event Ticketing <= 1.4.2 - CSV Injection and XSS
candidate-application-form 2015-07-14 Candidate Application Form <= 1.0 - Arbitrary File Download
capability-manager-enhanced 2019-07-18 Capability Manager Enhanced <= 1.5.8 - Authenticated SQLi
captain-slider 2015-08-30 Captain Slider 1.0.6 - Cross-Site Scripting (XSS)
captcha 2014-08-01 Captcha 2.12-3.8.1 - Captcha Bypass
captcha 2015-03-03 Captcha <= 4.0.6 - Captcha Bypass
adsense-plugin 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
captcha 2017-12-20 Captcha 4.3.6–4.4.4 - Backdoored
car-demon 2014-08-01 Car Demon 1.0.1 - /wp-admin/edit.php Multiple Parameter XSS
car-demon 2014-08-01 Car Demon 1.0.1 - /wp-admin/post.php Multiple Parameter XSS
adsense-plugin 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
car-rental-system 2015-08-26 Car Rental System <= 3.0 - SQL Injection
cardoza-ajax-search 2014-08-01 Ajax Post Search <= 1.3 - SQL Injection
cardoza-wordpress-poll 2014-08-01 Cardoza WordPress Poll <= 34.05 - Multiple External Funct...
cardoza-wordpress-poll 2014-08-01 WordPress Poll <= 34.05 - SQL Injection
cardoza-wordpress-poll 2014-08-01 Cardoza WordPress poll - Multiple SQL Injection Vulnerabi...
cart66 2015-01-01 Cart66 Pro <= 1.5.3 Arbitrary File Disclosure
cart66-lite 2014-08-01 Cart66 Lite 1.5.1.14 - admin.php cart66-products Page Pro...
cart66-lite 2014-08-01 Cart66 Lite - admin.php cart66-products Page Multiple Fie...
cart66-lite 2014-12-03 Cart66 Lite <= 1.5.1.17 - Blind SQL Injection
cart66-lite 2015-01-01 Cart66 Lite <= 1.5.3 - SQL Injection
cart66-lite 2015-05-29 Cart66 Lite 1.5.4 - XSS
carts-guru 2019-05-27 Carts Guru <= 1.4.4 - Unauthenticated Object Injection
catablog 2014-08-01 Catablog <= 1.6 - Cross Site Scripting
category-grid-view-gallery 2014-08-01 Category Grid View Gallery 0.1.1 - Shell Upload
category-grid-view-gallery 2014-08-01 Category Grid View Gallery 2.3.1 - CatGridPost.php ID Par...
category-list-portfolio-page 2014-08-01 Category List Portfolio Page 0.9 - Shell Upload
category-specific-rss-feed-... 2019-07-18 Category Specific RSS feed Subscription <= 2.0 - Cross-Si...
category-wise-search 2014-08-01 Wise Search Widget 1.1 - s Parameter Reflected XSS
catholic-liturgical-calendar 2014-08-01 Catholic Liturgical Calendar Widget 0.0.1 - Title Field S...
cbi-referral-manager 2014-11-01 CBI Referral Manager <= 1.2.1 Cross-Site Scripting (XSS)
cevhershare 2014-08-01 CevherShare 2.0 - SQL Injection
cf7-invisible-recaptcha 2019-06-20 CF7 Invisible reCaptcha <= 1.3.1 - XSS
cforms 2015-01-13 Cforms & CformsII <= 14.7 - Remote Code Execution via Una...
cforms 2017-03-20 Cforms & CformsII <= 14.10.1 - CAPTCHA Bypass
cforms 2017-03-20 Cforms <= 13.1 - 'lib_ajax.php' Cross-Site Scripting (XSS)
cforms 2015-01-13 Cforms & CformsII <= 14.7 - Remote Code Execution via Una...
cforms 2017-03-20 Cforms & CformsII <= 14.10.1 - CAPTCHA Bypass
chained-quiz 2017-01-04 Chained Quiz <= 0.9.8 - Cross-Site Scripting (XSS)
chained-quiz 2018-08-17 Chained Quiz <= 1.0.8 - Unauthenticated SQL Injection