WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
ninja-forms-uploads 2019-05-10 Ninja Forms File Uploads Extension <= 3.0.22 - Unauthenti...
p3 2019-04-01 Pipdig Power Pack <= 4.7.3 - Vendor Backdoors & Suspiciou...
caldera-forms-pro 2019-03-11 Caldera Forms Pro <= 1.8.1 - Unauthenticated Arbitrary Fi...
woocommerce-abandoned-cart-pro 2019-03-11 Abandoned Cart Lite for WooCommerce <= 5.1.3 - Stored Cro...
total-donations 2019-01-28 Total Donations - Update Arbitrary WordPress Option Values
WP_Estimation_Form 2019-02-14 WP Cost Estimation < 9.644 - Arbitrary File Upload and De...
WP_Estimation_Form 2019-02-14 WP Cost Estimation < 9.660 - Upload Directory Traversal
social-network-tabs 2019-01-17 Social Network Tabs - Social Media API Key Leakage
contact-form-7-multi-step-m... 2019-03-01 Fremius Library <= 2.2.3 - Authenticated Option Update
print-my-blog 2019-04-27 Print My Blog <= 1.6.5 - Unauthenticated Server Side Requ...
arforms 2018-10-29 ARForms <= 3.5.1 - Unauthenticated Arbitrary File Deletion
image-intense 2018-09-05 Image Intense <= 3.2.5 - Authenticated SQL Injection in s...
forminator 2019-02-06 Forminator <= 1.5.4 - Authenticated Multiple Vulnerabilities
background-takeover 2018-04-09 WP Background Takeover <= 4.1.4 - Directory Traversal
gift-voucher 2018-08-28 Gift Voucher - Authenticated Blind SQL Injection
buddyboss-media 2018-01-22 BuddyBoss Media <= 3.2.3 - Stored XSS
accesspress-anonymous-post-pro 2017-12-19 AccessPress Anonymous Post Pro < 3.2.0 - Unauthenticated ...
nlinks 2017-11-23 InLinks 1.0 - Authenticated SQL Injection
userpro 2017-11-12 UserPro <= 4.9.17 - Authentication Bypass
userpro 2018-09-07 UserPro <= 4.9.23 - Unauthenticated Cross-Site Scripting ...
userpro 2019-01-08 UserPro <= 4.9.20 - User Registration With Administrator ...
userpro 2019-01-14 UserPro <= 4.9.27 - User Registration With Administrator ...
wpml-translation-management 2017-11-09 WPML Translation Management <= 2.4.1 - PHP Object Injection
wp-gdpr-compliance 2018-11-08 WP GDPR Compliance <= 1.4.2 - Unauthenticated Call Any Ac...
wordcamp-talks 2017-10-30 WordCamp Talks <= 1.0.0-beta2 - Formula injection via CSV...
qards 2017-10-17 Qards - Server Side Request Forgery (SSRF)
qards 2017-10-17 Qards - Stored Cross-Site Scripting (XSS)
wphrm 2017-10-11 WPHRM <= 1.0 - Authenticated SQL Injection
emag-marketplace-connector 2017-11-29 Emag Marketplace Connector 1.0 - Unauthenticated Cross-Si...
dark-mode 2018-01-22 Dark Mode <= 1.6 - Stored XSS
content_timeline 2017-10-03 Content Timeline <= 4.4.2 - Multiple Blind SQL Injection
furikake 2018-01-08 furikake - Unauthenticated Open Redirect
woocommerce-product-vendors 2017-08-31 WooCommerce Product Vendors Plugin <= 2.0.27 - Unauthenti...
formcraft3 2017-08-02 FormCraft - Premium WordPress Form Builder <= v3.2.31 - A...
indeed-affiliate-pro 2017-08-02 Ultimate Affiliate Pro WordPress Plugin <= v3.6 - Authent...