WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
multi-meta-box 2016-04-12 WP Multiple Meta Box 1.0 - Authenticated Blind SQL Injection
bbs-e-franchise 2016-12-06 BBS e-Franchise 1.1.1 - Unauthenticated SQL Injection
woo-custom-checkout-field 2016-07-26 Woo Custom Checkout Field <= 1.3.4 - CSRF & Stored XSS
monarch 2016-02-18 ElegantThemes - Privilege Escalation
bloom 2016-02-18 ElegantThemes - Privilege Escalation
file-manager 2017-03-20 File Manager - Cross-Site Request Forgery (CSRF) Arbitrar...
wp-ultimate-exporter 2016-03-03 WP Ultimate Exporter 1.0.0 - Reflected Cross-Site Scripti...
wp-ultimate-exporter 2016-03-13 WP Ultimate Exporter <= 1.1 - Unauthenticated SQL Injection
remote-upload 2016-06-14 Remote Upload <= 1.2.1 - Unrestricted File Upload
social-pug 2016-12-11 Social Share Buttons - Social Pug <= 1.2.5 - Authenticate...
import-woocommerce 2016-02-24 Import Woocommerce <= 1.0.1 - Reflected Cross-Site Script...
csv-import 2016-02-23 CSV Import 1.0 - Reflected Cross-Site Scripting (XSS)
sam-pro-free 2016-11-02 SAM Pro (Free Edition) <= 1.9.6.67 - Local File Inclusion...
analytics-counter 2016-12-11 Google Analytics Counter Tracker <= 3.4.0 - Unauthenticat...
wp2android-turn-wp-site-int... 2017-03-08 Wp2android 1.1.4 - Unauthenticated File Upload
unlimited-popups 2016-04-25 Unlimited Pop-Ups <= 1.4.3 - Cross-Site Scripting (XSS)
wp-markdown-editor 2017-03-15 WP Markdown Editor 2.3.0 - Authenticated "Self" Cross-Sit...
instalinker 2016-02-07 InstaLinker <= 1.1.1 - Reflected Cross-Site Scripting (XSS)
zm-gallery 2016-12-20 ZM Gallery 1.0 – Authenticated Blind SQL Injection
js_composer 2015-10-11 Visual Composer <= 4.7.3 - Multiple Unspecified Cross-Sit...
royal-slider 2015-09-13 Royal Slider <= 3.2.6 - Authenticated Cross-Site Scriptin...
ultimate-form-builder-lite 2017-04-20 Ultimate Form Builder Lite <= 1.3.2 - Authenticated Cross...
error-log-viewer 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
wp-whois-domain 2016-12-01 WP Whois Domain - Unauthenticated Cross-Site Scripting (...
wp-cerber 2016-04-01 Cerber Limit Login Attempts <= 2.0.1.6 - Unauthenticated ...
simple-support-ticket-system 2015-10-07 Support Ticket System <= 1.2 - Unauthenticated SQL Injection
resads 2015-10-05 ResAds <= 1.0.1 - Reflected Cross-Site Scripting (XSS)
cysteme-finder 2016-09-05 CYSTEME Finder <= 1.3 - Unauthenticated LFI and Unauthent...
watupro 2015-09-01 Watu PRO <= 4.8.8.4 - Cross-Site Request Forgery (CSRF)
car-rental-system 2015-08-26 Car Rental System <= 3.0 - SQL Injection
wp-limit-login-attempts 2015-09-09 WP Limit Login Attempts <= 2.0.0 - Unauthenticated SQL In...