WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
magn-html5-drag-and-drop-me... 2014-08-01 Magn WP Drag & Drop <= 1.1.4 - Upload Shell Upload
kish-guest-posting 2014-08-01 Kish Guest Posting 1.2 - Arbitrary File Upload
all-in-one-event-calendar 2014-08-01 All-in-One Event Calendar 1.9 - wp-admin/post-new.php Mul...
all-in-one-event-calendar 2014-08-01 All-in-One Event Calendar 1.9 - index.php Multiple Parame...
all-in-one-event-calendar 2014-09-27 All-in-One Event Calendar Plugin 1.4 & 1.5 Multiple XSS
buddypress 2014-08-01 Buddypress <= 1.9.1 - Crafted bp_new_group_id Cookie Arbi...
buddypress 2014-08-01 Buddypress <= 1.9.1 - Stored Cross-Site Scripting (XSS)
buddypress 2014-08-01 BuddyPress 1.7.1 - Multiple SQL Injections
buddypress 2014-08-01 Buddypress <= 1.5.4 - SQL Injection
buddypress 2014-08-01 BuddyPress 1.2.9 - SQL Injection
buddypress 2015-11-12 BuddyPress <= 2.3.4 - Authenticated Privilege Escalation
buddypress 2017-01-03 BuddyPress 2.0-2.7.3 - Arbitrary File Deletion
zingiri-tickets 2014-08-01 Zingiri Tickets - File Disclosure
cms-tree-page-view 2014-08-01 CMS Tree Page View 1.2.4 - Page Creation CSRF
cms-tree-page-view 2014-08-01 CMS Tree Page View 0.8.8 - XSS
cms-tree-page-view 2015-04-27 CMS Tree Page View 1.2.31 - Multiple Parameter XSS
organizer 2014-08-01 Organizer 1.2.1 - Cross Site Scripting / Path Disclosure
deans-fckeditor-with-pwwang... 2014-08-01 FCKeditor Deans With Pwwangs Code <= 1.0.0 - Remote Shell...
zingiri-web-shop 2014-08-01 Zingiri Web Shop 2.6.4 - mform.php Unspecified Issue
zingiri-web-shop 2014-08-01 Zingiri Web Shop - Cookie SQL Injection
zingiri-web-shop 2014-08-01 Zingiri Web Shop <= 2.4.0 - zing.inc.php page Parameter XSS
zingiri-web-shop 2014-08-01 Zingiri Web Shop <= 2.4.0 - onecheckout.php notes Paramet...
zingiri-web-shop 2014-09-28 Zingiri Web Shop 2.2.0 - init.inc wpabspath Parameter Rem...
custom-contact-forms 2014-08-01 Custom Contact Forms <= 5.0.0.1 - Cross Site Scripting
custom-contact-forms 2014-09-17 Custom Contact Forms <= 5.1.0.3 Database Import/Export
2-click-socialmedia-button 2014-08-01 2-Click-Socialmedia-Buttons <= 0.34 - Cross Site Scripting
2-click-socialmedia-button 2014-08-01 2-Click-Socialmedia-Buttons <= 0.32.2 - Cross Site Scripting
login-with-ajax 2014-08-01 Login With Ajax - Cross Site Scripting
login-with-ajax 2014-08-01 Login With Ajax - Cross-Site Request Forgery
login-with-ajax 2017-05-02 Login with AJAX Plugin <= 3.1.6 - Cross-Site Scripting (XSS)
media-library-categories 2014-08-01 Media Library Categories <= 1.0.6 - SQL Injection
media-library-categories 2014-08-01 Media Library Categories <= 1.1.1 - Cross Site Scripting
bulletproof-security 2014-08-01 BulletProof Security <= .47 - Cross-Site Scripting (XSS)
bulletproof-security 2014-08-01 BulletProof Security - Security Log Script Insertion
bulletproof-security 2014-10-07 BulletProof Security <= .50.8 - Script Insertion
bulletproof-security 2014-11-05 BulletProof Security <= .51 Multiple Vulnerabilities (XSS...
bulletproof-security 2015-10-27 BulletProof Security <= .52.4 - Authenticated Cross-Site ...
bulletproof-security 2016-03-17 Bulletproof Security <= .53.2 - Multiple Cross Site Scrip...
bulletproof-security 2016-05-11 BulletProof Security <= .53.3 - Multiple XSS Vulnerabilities
better-wp-security 2014-08-01 Better WP Security 3.6.3 - Online Backup Storage current_...
better-wp-security 2014-08-01 Better WP Security 3.6.3 - /wp-admin/admin-ajax.php licen...
better-wp-security 2014-08-01 Better WP Security 3.5.5 - inc/admin/content.php id_speci...
better-wp-security 2014-08-01 Better WP Security <= 3.5.3 - inc/secure.php logevent Fun...
better-wp-security 2014-08-01 Better WP Security 3.4.3 - Multiple XSS
better-wp-security 2014-08-01 Better WP Security <= 3.2.4 - Cross-Site Scripting (XSS)
better-wp-security 2015-04-15 iThemes Security 3.0-4.6.12 – Stored Cross-Site Scriptin...
better-wp-security 2016-04-05 iThemes Security <= 5.3.4 - Potential Authenticated DOM C...
better-wp-security 2016-04-22 iThemes Security <= 5.3.0 - Insecure Backup/Logfile Gener...
better-wp-security 2016-04-25 iThemes Security <= 5.3.5 - Lack of Capability Check
better-wp-security 2016-10-06 iThemes Security <= 5.6.1 - Unauthenticated Stored Cross-...
catablog 2014-08-01 Catablog <= 1.6 - Cross Site Scripting
bad-behavior 2014-08-01 Bad Behavior <= 2.2.4 - Cross-Site Scripting (XSS)
download-manager 2014-08-01 Download Manager 2.5.8 - Download Package file Parameter ...
download-manager 2014-08-01 Download Manager <= 2.2.2 - admin.php cid Parameter XSS
download-manager 2014-12-03 Download Manager <= 2.7.4 - Code Execution / Remote File ...
download-manager 2015-03-08 Download Manager 2.7.2 - Privilege Escalation
download-manager 2015-07-16 WordPress Download Manager <= 2.7.94 - Authenticated Stor...
download-manager 2016-01-19 WordPress Download Manager <= 2.8.7 - Multiple Vulnerabil...
download-manager 2017-03-03 WordPress Download Manager <= 2.9.45 - Cross-Site Request...
download-manager 2017-06-19 WordPress Download Manager <= 2.9.51 - Authenticated Refl...
download-manager 2017-07-16 WordPress Download Manager <= 2.9.49 - Cross-Site Scripti...
download-manager 2017-07-16 WordPress Download Manager <= 2.9.50 - Open Redirect
codestyling-localization 2014-08-01 Code Styling Localization <= 1.99.17 - Cross Site Scripting
ezpz-one-click-backup 2014-08-01 EZPZ One Click Backup <= 12.03.10 - Unauthenticated Comm&...
ezpz-one-click-backup 2014-08-01 EZPZ One Click Backup <= 12.03.10 - Cross-Site Scripting ...
download-monitor 2015-03-09 Download Monitor <= 1.6.3 - Authenticated Directory Listing
download-monitor 2015-04-20 Download Monitor <= 1.7.0 - Cross-Site Scripting (XSS)
download-monitor 2017-05-11 Download Monitor <= 1.9.6 - Unauthenticated Downloading o...
dynamic-widgets 2014-08-01 Dynamic Widgets <= 1.5.1 - Cross-Site Scripting (XSS)
dynamic-widgets 2015-11-22 Dynamic Widgets <= 1.5.10 - Authenticated Cross-Site Scri...
leaflet 2014-08-01 Leaflet <= 0.0.1 - Cross Site Scripting
joliprint 2014-08-01 PDF And Print Button Joliprint <= 1.3.0 - Cross Site Scri...
iframe-admin-pages 2014-08-01 IFrame Admin Pages <= 0.1 - Cross Site Scripting
pretty-link 2014-08-01 Pretty Link Lite <= 1.5.3 - Cross-Site Scripting (XSS)
pretty-link 2014-08-01 Pretty Link Lite <= 1.6.0 - Cross-Site Scripting (XSS)
pretty-link 2014-08-01 Pretty Link Lite <= 1.6.2 - XSS in SWF
pretty-link 2015-11-22 Pretty Link Lite <= 1.6.7 - Authenticated SQL Injection
newsletter-manager 2014-08-01 Newsletter Manager <= 1.0.2 - Cross Site Scripting
newsletter-manager 2014-08-01 Newsletter Manager 1.0.2 - Cross Site Scripting & Cross-S...
network-publisher 2014-08-01 Network Publisher <= 5.0.1 - Cross Site Scripting
leaguemanager 2014-08-01 LeagueManager <= 3.7 - wp-admin/admin.php Multiple Parame...
leaguemanager 2014-08-01 LeagueManager 3.8 - SQL Injection
leaguemanager 2015-06-02 LeagueManager <= 3.9.11 - Unauthenticated SQL Injection
soundcloud-is-gold 2014-08-01 Soundcloud Is Gold <= 2.1 - Cross-Site Scripting (XSS)
soundcloud-is-gold 2015-11-24 SoundCloud Is Gold <= 2.3.1 - Unauthenticated Reflected C...