WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
w3-total-cache 2014-08-01 W3 Total Cache 0.9.2.4 - Username & Hash Extract
w3-total-cache 2014-08-01 W3 Total Cache - Remote Code Execution
w3-total-cache 2014-09-28 W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF
w3-total-cache 2014-12-12 W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)
w3-total-cache 2014-12-12 W3 Total Cache <= 0.9.4 - Debug Mode XSS
w3-total-cache 2016-09-22 W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Toke...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File ...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File ...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary PHP C...
w3-total-cache 2016-11-01 W3 Total Cache <= 0.9.4 - Unauthenticated Server Side Req...
w3-total-cache 2016-11-14 W3 Total Cache <= 0.9.4.1 - Weak Validation of Amazon SN...
w3-total-cache 2016-11-14 W3 Total Cache <= 0.9.4.1 - Information Disclosure Race C...
wa-form-builder 2016-12-06 WA Form Builder 1.1 - Unauthenticated SQL Injection
wangguard 2016-08-03 WangGuard <= 1.7.1 - Cross-Site Scripting (XSS)
wangguard 2017-01-19 WangGuard <= 1.7.2 - Authenticated Reflected Cross-Site S...
wassup 2014-08-01 WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit
wassup 2016-11-08 WassUp Real Time Analytics <= 1.9 - Cross Site Scripting
watupro 2015-09-01 WatuPRO <= 4.8.8.4 - Cross-Site Request Forgery (CSRF)
watupro 2017-09-07 WatuPRO <= 5.5.1 - SQL Injection
wc-shortcodes 2016-11-21 WP Canvas - Shortcodes <= 2.05 - Authenticated Stored Cro...
webapp-builder 2017-03-08 Webapp builder 2.0 - Unauthenticated File Upload
webcam-2way-videochat 2014-09-17 Webcam 2Way Videochat 4.41 - Cross-Site Scripting (XSS)
webengage 2014-08-01 WebEngage 2.0.0 - callback.php Multiple Parameter Reflect...
webengage 2014-08-01 WebEngage 2.0.0 - renderer.php Multiple Parameter Reflect...
webengage 2014-08-01 WebEngage 2.0.0 - resize.php height Parameter XSS
webinar_plugin 2014-08-01 Easy Webinar - get_widget.php wid Parameter SQL Injection
webrotate-360-product-viewer 2015-05-14 Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scri...
websimon-tables 2015-11-24 Websimon Tables <= 1.3.4 - Authenticated Reflected Cross-...
website-contact-form-with-f... 2015-04-13 N-Media Website Contact Form with File Upload <= 1.3.4 - ...
website-contact-form-with-f... 2015-06-03 N-Media Website Contact Form with File Upload <= 1.5 - Lo...
website-contact-form-with-f... 2016-09-21 N-Media Website Contact Form with File Upload - Arbitrary...
website-faq 2014-08-01 Website FAQ 1.0 - wp-admin/admin-ajax.php category Parame...
white-label-cms 2014-08-01 White Label CMS - Cross-Site Request Forgery
white-label-cms 2015-04-29 White Label CMS <= 1.5.2 - Stored XSS
whizz 2016-04-19 WHIZZ <= 1.0.7 - Unauthenticated Reflected Cross-Site Scr...
whizz 2017-04-10 WHIZZ <= 1.1 - Cross-Site Request Forgery (CSRF)
whydowork-adsense 2014-12-29 WhyDoWork AdSense 1.2 - XSS & CSRF
widget-control-powered-by-e... 2014-08-01 Widget Control Powered By Everyblock 1.0.1 - wp-admin/adm...
wonderplugin-audio 2015-02-19 WonderPlugin Audio Player 2.0 Blind SQL Injection & XSS
woo-custom-checkout-field 2016-07-26 Woo Custom Checkout Field <= 1.3.4 - CSRF & Stored XSS
woo-email-control 2016-07-19 Woo Email Control <= 1.01 - Reflected Cross-Site Scriptin...
woocommerce 2014-08-01 WooCommerce 2.0.17 - hide-wc-extensions-message Parameter...
woocommerce 2014-08-01 WooCommerce 2.0.12 - index.php calc_shipping_state Parame...
woocommerce 2014-09-21 WooCommerce <= 2.1.12 - Reflected Cross-Site Scripting (XSS)
woocommerce 2014-12-01 WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting (XSS)
woocommerce 2015-02-22 WooCommerce <= 2.2.10 - Cross-Site Scripting (XSS)
woocommerce 2015-03-13 WooCommerce 2.3 - 2.3.5 - SQL Injection
woocommerce 2015-06-10 WooCommerce 2.0.20-2.3.10 - Object Injection / XXE
woocommerce 2015-11-18 WooCommerce <= 2.4.8 - Authenticated Cross-Site Scripting...
woocommerce 2016-07-20 WooCommerce <= 2.6.2 - Authenticated Cross-Site Scripting...
woocommerce 2016-09-11 WooCommerce <= 2.6.3 - Stored Cross Site Scripting (XSS) ...
woocommerce 2017-01-04 WooCommerce <= 2.6.8 - Authenticated Tax-Rate CSV XSS
woocommerce-abandoned-cart 2015-11-24 Woocommerce Ab&oned Cart Lite <= 1.8 - Authenticated Blin...
woocommerce-catalog-enquiry 2017-07-19 WooCommerce Catalog Enquiry - Arbitrary File Upload
woocommerce-email-test 2016-12-09 WooCommerce Email Test 1.5 - Order Information Disclosure
woocommerce-exporter 2014-10-11 WooCommerce Store Exporter 1.7.5 - Cross Site Scripting (...
woocommerce-predictive-search 2014-08-01 WooCommerce Predictive Search - index.php rs Parameter XSS
woocommerce-product-addon 2016-09-27 WooCommerce Product Addons <= 1.1 - Arbitrary File Upload
woocommerce-product-vendors 2017-08-31 WooCommerce Product Vendors Plugin <= 2.0.27 - Unauthenti...
woocommerce-store-toolkit 2016-02-08 WooCommerce - Store Toolkit Plugin <= 1.5.6 - Privilege E...