WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
AffiliateWP 2017-05-26 AffiliateWP <= 2.0.9 - Authenticated Cross-Site Scripting...
Ultimate_VC_Addons 2017-05-17 Ultimate Addons for Visual Composer <= 3.16.11 - Authenti...
audio-record 2019-01-07 Audio Record 1.0 - Arbitrary File Upload
divi-builder 2016-02-18 ElegantThemes - Privilege Escalation
divi-builder 2018-10-31 ElegantThemes (divi, extra, divi-builder) - Authenticated...
site-editor 2018-03-19 Site Editor <= 1.1.1 - Local File Inclusion (LFI)
gallery-album 2017-09-22 Responsive Image Gallery, Gallery Album <= 1.2.0 - Authen...
weblizar-pinterest-feeds 2018-01-22 Pinterest Feed <= 1.1.1 - Authenticated XSS & CSRF
wp-concours 2017-12-20 WordPress Concours <= 1.1 - Authenticated Cross-Site Scri...
social-login-bws 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
directdownload 2017-01-18 Direct Download for WooCommerce <= 1.15 - Unauthenticated...
responsive-poll 2017-01-11 Responsive Poll 1.6.4,1.7.4 - Cross-Site Scripting (XSS) ...
wp-mailster 2017-12-06 WP Mailster <= 1.5.4 - Unauthenticated Cross-Site Scripti...
multi-step-form 2018-07-30 Multi Step Form <= 1.2.5 - Multiple Unauthenticated Refle...
multi-step-form 2019-01-07 Multi Step Form <= 1.2.5 - Cross-Site Scripting (XSS)
ad-manager-wd 2019-01-29 Download Ad Manager by WD - Arbitrary File Download
profilegrid-user-profiles-g... 2018-05-18 ProfileGrid – User Profiles, Groups and Communities <= 2....
comments-import-export-wooc... 2018-06-21 WordPress Comments Import & Export <= 2.0.4 - CSV Injection
social-login-bws 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
post-indexer 2016-11-21 Post Indexer <= 3.0.6.1 - PHP Object Injection via MitM
post-indexer 2016-11-21 Post Indexer <= 3.0.6.1 - Authenticated SQL Injection
relevanssi-premium 2016-11-21 Relevanssi Premium <= 1.14.4 - SQL Injection & PHP Object...
themeisle-companion 2018-12-11 Orbit Fox by ThemeIsle <= 2.6.3 -Does not properly Authen...
wp-splashing-images 2018-01-29 Splashing Images <= 2.1 - Authenticated PHP Object Injection
wp-splashing-images 2018-01-29 Splashing Images <= 2.1 - Cross-Site Scripting (XSS)
basic-contact-form 2017-09-28 Basic Contact Form <= 1.0.3 - Potential Unauthenticated S...
404-redirection-manager 2017-01-14 404 Redirection Manager 1.0 - SQL Injection
wechat-broadcast 2018-09-24 Wechat Broadcast <= 1.2.0 - Local/Remote File Inclusion
mobile-friendly-app-builder... 2017-03-08 mobile-friendly-app-builder-by-easytouch 3.0 - Unauthenti...
mobile-app-builder-by-wappress 2017-03-08 WordPress Mobile app Builder 1.05 - Unauthenticated File ...
zen-mobile-app-native 2017-03-01 Mobile App Native <= 3.0 - Remote File Upload
site-reviews 2018-06-28 Site Reviews <= 2.15.2 - Cross-Site Scripting (XSS)
loginpress 2019-02-12 LoginPress <= 1.1.15 - Authenticated Blind SQL Injection
BraftonWordpressPlugin 2016-09-07 brafton WordPress Plugin <=3.4.7 - Reflected XSS