WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
w3-total-cache 2014-08-01 W3 Total Cache 0.9.2.4 - Username & Hash Extract
w3-total-cache 2014-08-01 W3 Total Cache - Remote Code Execution
w3-total-cache 2014-09-28 W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF
w3-total-cache 2014-12-12 W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)
w3-total-cache 2014-12-12 W3 Total Cache <= 0.9.4 - Debug Mode XSS
w3-total-cache 2016-09-22 W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Toke...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File ...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File ...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary PHP C...
w3-total-cache 2016-11-01 W3 Total Cache <= 0.9.4 - Unauthenticated Server Side Req...
w3-total-cache 2016-11-14 W3 Total Cache <= 0.9.4.1 - Weak Validation of Amazon SN...
w3-total-cache 2016-11-14 W3 Total Cache <= 0.9.4.1 - Information Disclosure Race C...
wa-form-builder 2016-12-06 WA Form Builder 1.1 - Unauthenticated SQL Injection
wangguard 2016-08-03 WangGuard <= 1.7.1 - Cross-Site Scripting (XSS)
wangguard 2017-01-19 WangGuard <= 1.7.2 - Authenticated Reflected Cross-Site S...
wassup 2014-08-01 WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit
wassup 2016-11-08 WassUp Real Time Analytics <= 1.9 - Cross Site Scripting
watupro 2015-09-01 WatuPRO <= 4.8.8.4 - Cross-Site Request Forgery (CSRF)
watupro 2017-09-07 WatuPRO <= 5.5.1 - SQL Injection
wc-shortcodes 2016-11-21 WP Canvas - Shortcodes <= 2.05 - Authenticated Stored Cro...
webapp-builder 2017-03-08 Webapp builder 2.0 - Unauthenticated File Upload
webcam-2way-videochat 2014-09-17 Webcam 2Way Videochat 4.41 - Cross-Site Scripting (XSS)
webengage 2014-08-01 WebEngage 2.0.0 - callback.php Multiple Parameter Reflect...
webengage 2014-08-01 WebEngage 2.0.0 - renderer.php Multiple Parameter Reflect...
webengage 2014-08-01 WebEngage 2.0.0 - resize.php height Parameter XSS
webinar_plugin 2014-08-01 Easy Webinar - get_widget.php wid Parameter SQL Injection
weblizar-pinterest-feeds 2018-01-22 Pinterest Feed <= 1.1.1 - Authenticated XSS & CSRF
wp-instagram-bank 2015-05-14 Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scri...
websimon-tables 2015-11-24 Websimon Tables <= 1.3.4 - Authenticated Reflected Cross-...
website-contact-form-with-f... 2015-04-13 N-Media Website Contact Form with File Upload <= 1.3.4 - ...
website-contact-form-with-f... 2015-06-03 N-Media Website Contact Form with File Upload <= 1.5 - Lo...
website-contact-form-with-f... 2016-09-21 N-Media Website Contact Form with File Upload - Arbitrary...
website-faq 2014-08-01 Website FAQ 1.0 - wp-admin/admin-ajax.php category Parame...
wechat-broadcast 2018-09-24 Wechat Broadcast <= 1.2.0 - Local/Remote File Inclusion
wf-cookie-consent 2018-05-03 WF Cookie Consent <= 1.1.3 - Authenticated Persistent Cro...
white-label-cms 2014-08-01 White Label CMS - Cross-Site Request Forgery
white-label-cms 2015-04-29 White Label CMS <= 1.5.2 - Stored XSS
whizz 2016-04-19 WHIZZ <= 1.0.7 - Unauthenticated Reflected Cross-Site Scr...
whizz 2017-04-10 WHIZZ <= 1.1 - Cross-Site Request Forgery (CSRF)
whydowork-adsense 2014-12-29 WhyDoWork AdSense 1.2 - XSS & CSRF
widget-control-powered-by-e... 2014-08-01 Widget Control Powered By Everyblock 1.0.1 - wp-admin/adm...
wonderm00ns-simple-facebook... 2018-06-21 Open Graph for Facebook, Google+ and Twitter Card Tags <=...
wonderm00ns-simple-facebook... 2018-07-04 Open Graph for Facebook, Google+ and Twitter Card Tags <=...
wonderplugin-audio 2015-02-19 WonderPlugin Audio Player 2.0 Blind SQL Injection & XSS
woo-custom-checkout-field 2016-07-26 Woo Custom Checkout Field <= 1.3.4 - CSRF & Stored XSS
woo-email-control 2016-07-19 Woo Email Control <= 1.01 - Reflected Cross-Site Scriptin...
woo-order-export-lite 2018-06-21 Advanced Order Export For WooCommerce <= 1.5.4 - CSV Inje...
woocommerce 2014-08-01 WooCommerce 2.0.17 - hide-wc-extensions-message Parameter...
woocommerce 2014-08-01 WooCommerce 2.0.12 - index.php calc_shipping_state Parame...
woocommerce 2014-09-21 WooCommerce <= 2.1.12 - Reflected Cross-Site Scripting (XSS)
woocommerce 2014-12-01 WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting (XSS)
woocommerce 2015-02-22 WooCommerce <= 2.2.10 - Cross-Site Scripting (XSS)
woocommerce 2015-03-13 WooCommerce 2.3 - 2.3.5 - SQL Injection
woocommerce 2015-06-10 WooCommerce 2.0.20-2.3.10 - Object Injection / XXE
woocommerce 2015-11-18 WooCommerce <= 2.4.8 - Authenticated Cross-Site Scripting...
woocommerce 2016-07-20 WooCommerce <= 2.6.2 - Authenticated Cross-Site Scripting...
woocommerce 2016-09-11 WooCommerce <= 2.6.3 - Stored Cross Site Scripting (XSS) ...
woocommerce 2017-01-04 WooCommerce <= 2.6.8 - Authenticated Tax-Rate CSV XSS
woocommerce 2018-02-23 WooCommerce <= 3.2.3 - Authenticated PHP Object Injection
woocommerce 2018-08-30 WooCommerce <= 3.4.4 - Potential Object Injection
woocommerce 2018-10-19 WooCommerce <= 3.4.5 - Authenticated Object Injection
woocommerce 2018-11-07 WooCommerce <= 3.4.5 - Authenticated File Deletion to Pri...
woocommerce-abandoned-cart 2015-11-24 Woocommerce Ab&oned Cart Lite <= 1.8 - Authenticated Blin...
woocommerce-catalog-enquiry 2017-07-19 WooCommerce Catalog Enquiry - Arbitrary File Upload
woocommerce-csvimport 2018-04-09 woocommerce-csvimport 3.3.6 – Authenticated Arbitrary Fil...