WordPress Plugin Vulnerabilities

Name Added Title
download-shortcode 2014-08-01 Download Shortcode - "file" Arbitrary File Disclosure
eshop-magic 2014-08-01 eShop Magic 0.1 - eshop-magic/download.php file Parameter...
wysija-newsletters 2014-08-01 MailPoet Newsletters 2.6.6 - Theme File Upload Handling Rem...
wysija-newsletters 2014-08-01 Wysija Newsletters 2.2 - SQL Injection
wysija-newsletters 2014-08-01 Wysija Newsletters - swfupload Cross-Site Scripting
wysija-newsletters 2014-09-21 MailPoet Newsletters 2.6.7 - helpers/back.php page Param...
wysija-newsletters 2014-09-21 MailPoet Newsletters 2.6.10 - Unspecified CSRF
wysija-newsletters 2016-02-02 MailPoet Newsletters <= 2.6.19 - Unauthenticated Reflecte...
wysija-newsletters 2016-09-11 MailPoet Newsletters <= 2.7.2 - Authenticated Reflected C...
wysija-newsletters 2016-09-11 MailPoet Newsletters <= 2.7.2 - SQL Injection
hitasoft_player 2014-08-01 Hitasoft FLV Player - "id" SQL Injection
spider-calendar 2014-08-01 Spider Calendar 1.3.0 - Multiple Vulnerabilities
spider-calendar 2014-08-01 Spider Calendar 1.1.0 - "many_sp_calendar" Cross-Site Scr...
spider-calendar 2014-08-01 Spider Calendar 1.0.1 - front_end/spidercalendarbig.php d...
spider-calendar 2014-08-01 Spider Calendar 1.0.1 - spidercalendarbig_seemore.php cal...
dynamic-font-replacement-4wp 2014-08-01 Dynamic Font Replacement 1.3 - SQL Injection
wp-e-commerce-predictive-se... 2014-08-01 WP e-Commerce Predictive Search - "rs" Cross-Site Scripting
wp-tiger 2014-08-01 vTiger - CRM Lead Capture Unspecified
wp-postviews 2014-08-01 WP-PostViews 1.62 - Setting Manipulation CSRF
dx-contribute 2014-08-01 DX-Contribute - Cross-Site Request Forgery
woocommerce 2014-08-01 WooCommerce 2.0.17 - hide-wc-extensions-message Parameter...
woocommerce 2014-08-01 WooCommerce 2.0.12 - index.php calc_shipping_state Parame...
woocommerce 2014-09-21 WooCommerce <= 2.1.12 - Reflected Cross-Site Scripting (XSS)
woocommerce 2014-12-01 WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting (XSS)
woocommerce 2015-02-22 WooCommerce <= 2.2.10 - Cross-Site Scripting (XSS)
woocommerce 2015-03-13 WooCommerce 2.3 - 2.3.5 - SQL Injection
woocommerce 2015-06-10 WooCommerce 2.0.20-2.3.10 - Object Injection / XXE
woocommerce 2015-11-18 WooCommerce <= 2.4.8 - Authenticated Cross-Site Scripting...
woocommerce 2016-07-20 WooCommerce <= 2.6.2 - Authenticated Cross-Site Scripting...
woocommerce 2016-09-11 WooCommerce <= 2.6.3 - Stored Cross Site Scripting (XSS) ...
woocommerce 2017-01-04 WooCommerce <= 2.6.8 - Authenticated Tax-Rate CSV XSS
woocommerce 2018-02-23 WooCommerce <= 3.2.3 - Authenticated PHP Object Injection
woocommerce 2018-08-30 WooCommerce <= 3.4.4 - Potential Object Injection
woocommerce 2018-10-19 WooCommerce <= 3.4.5 - Authenticated Object Injection
woocommerce 2018-11-07 WooCommerce <= 3.4.5 - Authenticated File Deletion to Pri...
woocommerce 2018-12-10 WooCommerce <= 3.4.5 - Authenticated Stored XSS
woocommerce 2018-12-10 WooCommerce <= 3.4.5 - Authenticated Phar Deserialization
woocommerce 2019-01-07 WooCommerce <= 3.5.0 - Authenticated Stored XSS
woocommerce 2019-02-26 WooCommerce <= 3.5.4 - Stored Cross-Site Scripting (XSS)
video-lead-form 2014-08-01 Video Lead Form - "errMsg" Cross-Site Scripting
sagepay-direct-for-woocomme... 2014-08-01 WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - page...
sagepay-direct-for-woocomme... 2014-08-01 WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - page...
sagepay-direct-for-woocomme... 2014-08-01 WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - page...
woocommerce-predictive-search 2014-08-01 WooCommerce Predictive Search - index.php rs Parameter XSS
events-manager 2014-08-01 Events Manager 5.5.1 - Multiple Unspecified XSS Vulnerabi...
events-manager 2014-08-01 Events Manager 5.3.8 - Multiple Cross-Site Scripting (XSS)
events-manager 2014-08-01 Events Manager 5.3.5 - Multiple Cross-Site Scripting (XSS)
events-manager 2014-08-01 Events Manager 5.3.3 - Multiple Cross-Site Scripting (XSS)
events-manager 2018-03-28 Events Manager <= 5.8.1.1 - Unauthenticated Stored XSS
solvemedia 2014-08-01 SolveMedia 1.1.0 - plugins.php API Key Manipulation CSRF
solvemedia 2014-08-01 SolveMedia 1.1.0 - solvemedia.admin.inc Admin Options Pa...
usc-e-shop 2014-08-01 Welcart e-Commerce 1.3.12 - DOM Cross-Site Scripting (XSS)
usc-e-shop 2014-08-01 Welcart e-Commerce 1.3.12 - purchase_limit Parameter DOM-...
usc-e-shop 2014-08-01 Welcart e-Commerce 1.3.12 - SQL Injection
usc-e-shop 2014-08-01 Welcart e-Commerce - SQL Injection
usc-e-shop 2014-08-01 Welcart e-Commerce - CSRF & XSS
usc-e-shop 2015-07-25 Welcart e-Commerce <= 1.4.17 - Multiple Vulnerabilities
usc-e-shop 2015-12-31 Welcart e-Commerce <= 1.5.2 - SQL Injection
usc-e-shop 2016-06-27 Welcart e-Commerce <= 1.8.2 - PHP Object Injection
usc-e-shop 2016-06-27 Welcart e-Commerce <= 1.8.2 - Cross-Site Scripting (XSS)
usc-e-shop 2016-06-27 Welcart e-Commerce <= 1.8.2 - Session Management
knews 2014-08-01 Knews 1.2.5 - Multilingual Newsletters Cross-Site Request...
knews 2014-08-01 Knews 1.2.5 - Unspecified XSS
knews 2014-08-01 Knews 1.1.0 - wysiwyg/fontpicker/index.php ff Parameter XSS
wp-file-uploader 2014-08-01 File Uploader - PHP File Upload
cardoza-wordpress-poll 2014-08-01 Cardoza WordPress Poll <= 34.05 - Multiple External Funct...
cardoza-wordpress-poll 2014-08-01 WordPress Poll <= 34.05 - SQL Injection
cardoza-wordpress-poll 2014-08-01 Cardoza WordPress poll - Multiple SQL Injection Vulnerabi...
devformatter 2014-08-01 Developer Formatter 2013.0.1.40 - devformatter.php Multip...
devformatter 2014-08-01 Developer Formatter 2013.0.1.40 - devformatter.php Multip...
dvs-custom-notification 2014-08-01 DVS Custom Notification - Cross-Site Request Forgery
ipfeuilledechou 2014-08-01 ipfeuilledechou - SQL Injection
simple-login-log 2014-08-01 Simple Login Log - Cross-Site Scripting (XSS)
simple-login-log 2014-08-01 Simple Login Log - SQL Injection
simple-login-log 2017-10-11 Simple Login Log <= 1.1.0 - Authenticated SQL Injection
wp-slimstat 2014-08-01 WP SlimStat <= 3.5.5 - Overview URI Stored XSS
wp-slimstat 2014-08-01 WP SlimStat 2.8.4 - wp-content/plugins/wp-slimstat/admin/...
wp-slimstat 2015-01-06 WP SlimStat <= 3.9.1 - Cross-Site Scripting (XSS)
wp-slimstat 2015-01-23 WP SlimStat <= 3.9.2 - Stored Cross-Site Scripting (XSS)
wp-slimstat 2015-02-25 WP Slimstat <= 3.9.5 - Weak Cryptographic Keys Leading to...
wp-slimstat 2015-07-26 WP Slimstat <= 4.1.5.2 - Referer Header Cross-Site Script...
wp-slimstat-ex 2014-08-01 SlimStat-Ex - Open Flash Chart Arbitrary File Creation
browser-rejector 2014-08-01 Browser Rejector - Remote & Local File Inclusion
w3-total-cache 2014-08-01 W3 Total Cache 0.9.2.4 - Username & Hash Extract
w3-total-cache 2014-08-01 W3 Total Cache - Remote Code Execution
w3-total-cache 2014-09-28 W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF
w3-total-cache 2014-12-12 W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)
w3-total-cache 2014-12-12 W3 Total Cache <= 0.9.4 - Debug Mode XSS
w3-total-cache 2016-09-22 W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Toke...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File ...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File ...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary PHP C...
w3-total-cache 2016-11-01 W3 Total Cache <= 0.9.4 - Unauthenticated Server Side Req...
w3-total-cache 2016-11-14 W3 Total Cache <= 0.9.4.1 - Weak Validation of Amazon SN...
w3-total-cache 2016-11-14 W3 Total Cache <= 0.9.4.1 - Information Disclosure Race C...
w3-total-cache 2019-04-02 W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary ...
wp-super-cache 2014-08-01 WP-Super-Cache 1.3 - Remote Code Execution
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Func...
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI...
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php...
wp-super-cache 2015-04-07 WP Super Cache <= 1.4.2 - Stored Cross-Site Scripting (XSS)
wp-super-cache 2015-09-26 WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)
wp-super-cache 2015-09-26 WP Super Cache <= 1.4.4 - PHP Object Injection
ripe-hd-player 2014-08-01 ripe-hd-player 1.0 - ripe-hd-player/config.php id Paramet...
ripe-hd-player 2014-08-01 ripe-hd-player 1.0 - Multiple Script Direct Request Path ...