WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
w3-total-cache 2014-08-01 W3 Total Cache 0.9.2.4 - Username & Hash Extract
w3-total-cache 2014-08-01 W3 Total Cache - Remote Code Execution
w3-total-cache 2014-09-28 W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF
w3-total-cache 2014-12-12 W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)
w3-total-cache 2014-12-12 W3 Total Cache <= 0.9.4 - Debug Mode XSS
w3-total-cache 2016-09-22 W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Toke...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File ...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File ...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary PHP C...
w3-total-cache 2016-11-01 W3 Total Cache <= 0.9.4 - Unauthenticated Server Side Req...
w3-total-cache 2016-11-14 W3 Total Cache <= 0.9.4.1 - Weak Validation of Amazon SN...
w3-total-cache 2016-11-14 W3 Total Cache <= 0.9.4.1 - Information Disclosure Race C...
w3-total-cache 2019-04-02 W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary ...
w3-total-cache 2019-05-06 W3 Total Cache < 0.9.7.3 - Cryptographic Signature Bypass
w3-total-cache 2019-05-06 W3 Total Cache <= 0.9.7.3 - Cross-Site Scripting (XSS)
w3-total-cache 2019-05-06 W3 Total Cache <= 0.9.7.3 - SSRF / RCE via phar
wa-form-builder 2016-12-06 WA Form Builder 1.1 - Unauthenticated SQL Injection
wangguard 2016-08-03 WangGuard <= 1.7.1 - Cross-Site Scripting (XSS)
wangguard 2017-01-19 WangGuard <= 1.7.2 - Authenticated Reflected Cross-Site S...
wassup 2014-08-01 WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit
wassup 2016-11-08 WassUp Real Time Analytics <= 1.9 - Cross Site Scripting
watu 2019-06-28 Watu Quizz <= 3.1.2.5 - Reflected XSS via question-form.h...
watupro 2015-09-01 WatuPRO <= 4.8.8.4 - Cross-Site Request Forgery (CSRF)
watupro 2017-09-07 WatuPRO <= 5.5.1 - SQL Injection
wc-shortcodes 2016-11-21 WP Canvas - Shortcodes <= 2.05 - Authenticated Stored Cro...
add-pinterest-conversion-tags 2019-03-01 Freemius Library <= 2.2.3 - Authenticated Option Update
wd-instagram-feed 2019-06-26 WD Instagram Feed <= 1.3.0 - XSS
webapp-builder 2017-03-08 Webapp builder 2.0 - Unauthenticated File Upload
webcam-2way-videochat 2014-09-17 Webcam 2Way Videochat 4.41 - Cross-Site Scripting (XSS)
webengage 2014-08-01 WebEngage 2.0.0 - callback.php Multiple Parameter Reflect...
webengage 2014-08-01 WebEngage 2.0.0 - renderer.php Multiple Parameter Reflect...
webengage 2014-08-01 WebEngage 2.0.0 - resize.php height Parameter XSS
webinar_plugin 2014-08-01 Easy Webinar - get_widget.php wid Parameter SQL Injection
weblizar-pinterest-feeds 2018-01-22 Pinterest Feed <= 1.1.1 - Authenticated XSS & CSRF
webp-converter-for-media 2019-06-27 WebP Converter for Media <= 1.0.2 - Cross-Site Request Fo...
webp-express 2019-06-16 WebP Express <= 0.14.10 - Multiple Issues
webp-express 2019-06-26 WebP Express <= 0.14.4 - Authenticated Stored XSS
gallery-bank 2015-05-14 Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scri...
websimon-tables 2015-11-24 Websimon Tables <= 1.3.4 - Authenticated Reflected Cross-...
website-contact-form-with-f... 2015-04-13 N-Media Website Contact Form with File Upload <= 1.3.4 - ...
website-contact-form-with-f... 2015-06-03 N-Media Website Contact Form with File Upload <= 1.5 - Lo...
website-contact-form-with-f... 2016-09-21 N-Media Website Contact Form with File Upload - Arbitrary...
website-faq 2014-08-01 Website FAQ 1.0 - wp-admin/admin-ajax.php category Parame...
wechat-broadcast 2018-09-24 Wechat Broadcast <= 1.2.0 - Local/Remote File Inclusion
wf-cookie-consent 2018-05-03 WF Cookie Consent <= 1.1.3 - Authenticated Persistent Cro...
white-label-cms 2014-08-01 White Label CMS - Cross-Site Request Forgery
white-label-cms 2015-04-29 White Label CMS <= 1.5.2 - Stored XSS
whizz 2016-04-19 WHIZZ <= 1.0.7 - Unauthenticated Reflected Cross-Site Scr...
whizz 2017-04-10 WHIZZ <= 1.1 - Cross-Site Request Forgery (CSRF)
whydowork-adsense 2014-12-29 WhyDoWork AdSense 1.2 - XSS & CSRF
widget-control-powered-by-e... 2014-08-01 Widget Control Powered By Everyblock 1.0.1 - wp-admin/adm...
widget-logic 2019-06-28 Widget Logic <= 5.9.0 - CSRF to RCE
widget-logic 2019-07-01 Widget Logic <= 5.10.2 - CSRF and Lack of Authorisation
add-pinterest-conversion-tags 2019-03-01 Freemius Library <= 2.2.3 - Authenticated Option Update
wise-chat 2019-01-25 Wise Chat <= 2.6.3 - Reverse Tabnabbing
wonderm00ns-simple-facebook... 2018-06-21 Open Graph for Facebook, Google+ and Twitter Card Tags <=...
wonderm00ns-simple-facebook... 2018-07-04 Open Graph for Facebook, Google+ and Twitter Card Tags <=...