WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
portable-phpmyadmin 2014-08-01 portable-phpMyAdmin - Authentication Bypass
portable-phpmyadmin 2014-08-01 Portable phpMyAdmin - /pma/phpinfo.php Direct Request Sys...
portable-phpmyadmin 2014-08-01 Portable phpMyAdmin 1.4.1 - Multiple Script Direct Reques...
car-rental 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
portfolio-by-lisa-westlund 2015-07-21 Portfolio 1.0 - Cross-Site Request Forgery (CSRF)
portfolio-gallery 2015-11-24 Portfolio Gallery <= 1.5.7 - Authenticated Reflected Cros...
portfolio-gallery 2016-10-10 Portfolio <= 2.1.10 - Reflected Cross-Site Scripting (XSS)
portfolio-slideshow-pro 2014-08-01 portfolio-slideshow-pro v3 - SQL Injection
post-duplicator 2016-07-14 Post Duplicator <= 2.16 - Cross-Site Scripting (XSS)
post-expirator 2014-08-01 Post Expirator <= 2.1.1 - Cross-Site Request Forgery
post-gallery 2014-08-01 Post Gallery - Cross-Site Scripting (XSS)
post-grid 2016-11-17 Post Grid <= 2.0.12 - Unauthenticated Arbitrary File Dele...
post-highlights 2014-08-01 post highlights <= 2.2 - SQL Injection
post-highlights 2015-11-13 Post highlights 2.0-2.6 - Stored Cross-Site Scripting (XSS)
post-indexer 2016-11-21 Post Indexer <= 3.0.6.1 - PHP Object Injection via MitM
post-indexer 2016-11-21 Post Indexer <= 3.0.6.1 - Authenticated SQL Injection
wp-affiliate-disclosure 2019-03-01 Fremius Library <= 2.2.3 - Authenticated Option Update
rating-bws 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
post-to-twitter 2014-12-20 Post to Twitter <= 0.7 CSRF & XSS
post-views 2014-08-01 Post views 2.6.1.2 - search_input Parameter Cross-Site Sc...
postie 2014-08-01 Postie 1.4.3 - Stored XSS
postman-smtp 2017-10-09 Postman SMTP Mailer/Email Log - Cross-Site Scripting (XSS)
postmatic 2015-09-13 Postmatic <= 1.4.5 - Cross-Site Scripting (XSS)
power-zoomer 2014-08-01 powerzoomer - Arbitrary File Upload
wp-matrix-gallery 2014-08-01 SWFUpload - Cross-Site Scripting (XSS)
powerpress 2015-01-29 Blubrry PowerPress <= 6.0 - Cross-Site Scripting (XSS)
powerpress 2015-10-27 Blubrry PowerPress Podcasting plugin <= 6.0.4 - Authentic...
powerpress 2016-02-07 XSS in Blubrry PowerPress Podcasting wordpress plugin <= ...
Premium_Gallery_Manager 2014-08-01 Premium Gallery Manager - Shell Upload
premium-seo-pack 2015-04-24 Premium SEO Pack 1.8.0 - Unauthenicated Arbitrary File Up...
pretty-link 2014-08-01 Pretty Link Lite <= 1.5.3 - Cross-Site Scripting (XSS)
pretty-link 2014-08-01 Pretty Link Lite <= 1.6.0 - Cross-Site Scripting (XSS)
pretty-link 2014-08-01 Pretty Link Lite <= 1.6.2 - XSS in SWF
pretty-link 2015-11-22 Pretty Link Lite <= 1.6.7 - Authenticated SQL Injection
pretty-link 2019-06-19 Shortlinks by Pretty Links <= 2.1.9 - Stored XSS and CSV ...
prettyphoto 2015-05-06 WordPress prettyPhoto <= 1.1 - DOM Cross-Site Scripting (...
print-my-blog 2019-04-27 Print My Blog <= 1.6.5 - Unauthenticated Server Side Requ...
private-only 2015-08-26 Private Only <= 3.5.1 - CSRF & XSS
product-catalog-8 2016-12-06 Product Catalog 8 1.2 - Unauthenticated SQL Injection
profile-builder 2014-08-01 Profile Builder 1.1.59 - front-end/wppb.recover.password....
profile-builder 2015-11-13 Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting...
profile-builder 2016-07-08 Profile Builder <= 2.4.0 - Privilege Escalation
profile-builder 2016-07-13 Profile Builder <= 2.4.1 - Reflected Cross-Site Scripting...
profile-builder 2017-03-15 Profile Builder <= 5.2.7 - Authenticated Stored Cross-Sit...
car-rental 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
profilegrid-user-profiles-g... 2018-05-18 ProfileGrid – User Profiles, Groups and Communities <= 2....