WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
mac-dock-gallery 2014-08-01 SWFUpload - Cross-Site Scripting (XSS)
mac-dock-gallery 2014-08-01 Mac Photo Gallery - Two Security Bypass Security Issues
mac-dock-gallery 2014-08-01 Mac Photo Gallery - Multiple Script Insertion Vulnerabili...
mac-dock-gallery 2014-08-01 Mac Photo Gallery - upload-file.php File Upload
magic-fields 2017-03-03 Magic Fields <= 1.7.1 - Authenticated Cross-Site Scripti...
magn-html5-drag-and-drop-me... 2014-08-01 Magn WP Drag & Drop <= 1.1.4 - Upload Shell Upload
mail-masta 2016-08-24 Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI)
mail-masta 2017-02-23 Mail Masta 1.0 - Multiple SQL Injection
mail-on-update 2014-08-01 Mail On Update 5.1.0 - Email Option Manipulation CSRF
mail-subscribe-list 2014-08-01 Mail Subscribe List - Script Insertion
mailchimp-for-wp 2016-12-13 MailChimp for WordPress <= 4.0.10 - Authenticated Cross-S...
mailchimp-subscribe-sm 2015-04-25 MailChimp Subscribe Form <= 1.1 - Email Field Remote PHP ...
mailcwp 2015-07-11 MailCWP 1.100 - Unauthenticated Arbitrary File Upload
mailz 2014-08-01 Mailing List 1.3.2 - Remote File Inclusion
mailz 2014-08-01 Mailing List - Arbitrary file download
mainwp 2015-08-08 MainWP <= 2.0.22 - Unspecified
mainwp 2016-05-03 MainWP <= 3.1.2 - Unauthenticated Stored Cross-Site Scrip...
mainwp-child 2015-03-10 MainWP Child <= 2.0.9.1 - Authentication Bypass
mainwp-child 2015-08-08 MainWP <= 2.0.22 - Unspecified
manual-image-crop 2015-11-24 Manual Image Crop <= 1.10 - Authenticated Reflected Cross...
mapsmarker 2014-08-01 Leaflet Maps Marker - Multiple security issues
mapsmarker 2014-08-01 Leaflet Maps Marker - Tag Multiple Parameter SQL Injection
marekkis-watermark 2014-08-01 Marekkis Watermark 0.9.2 - wp-admin/options-general.php p...
markdown-on-save-improved 2016-06-05 Markdown on Save Improved <= 2.5 - Stored Cross-Site Scri...
mashsharer 2015-04-25 Mashshare <= 2.3.0 - Information Disclosure
master-slider 2015-11-22 Master Slider <= 2.5.1 - Authenticated Blind SQL Injection
master-slider 2016-07-13 Master Slider <= 2.7.1 - Reflected Cross-Site Scripting (...
mathjax-latex 2014-08-01 Mathjax Latex 1.1 - Setting Manipulation CSRF
matrix-image-gallery 2015-05-14 Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scri...
maxbuttons 2014-08-01 MaxButtons 1.19.0 - includes/maxbuttons-button-css.php Au...
maxbuttons 2014-10-15 MaxButtons 1.26.0 - Cross Site Scripting (XSS)
mdc-private-message 2015-08-22 MDC Private Message <= 1.0.0 - Authenticated Stored Cross...
mdc-youtube-downloader 2015-07-05 MDC YouTube Downloader <= 2.1.0 - Local File Inclusion
media-file-manager-advanced 2015-05-13 Media File Manager Advanced <= 1.1.5 - Multiple Vulnerab...
media-file-renamer 2014-08-01 Media File Renamer <= 1.7.0 - Stored Cross-Site Scripting...
media-library-categories 2014-08-01 Media Library Categories <= 1.0.6 - SQL Injection
media-library-categories 2014-08-01 Media Library Categories <= 1.1.1 - Cross Site Scripting
meenews 2014-08-01 meenews 5.1 - Cross-Site Scripting Vulnerabilities
member-approval 2014-08-01 Member Approval 131109 - wp-admin/options-general.php Opt...
membership-simplified-for-o... 2017-03-15 Membership Simplified 1.58 - Unauthenticated Arbitrary Fi...
membersonic-lite 2016-06-29 MemberSonic Lite <= 1.2 - Authentication Bypass