WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
enable-media-replace 2014-08-01 Enable Media Replace <= 2.3 - Multiple Vulnerabilities
comment-rating 2014-08-01 Comment Rating 2.9.32 - Security Bypass Weakness & SQL In...
comment-rating 2014-08-01 Comment Rating 2.9.23 - Multiple Vulnerabilities
z-vote 2014-08-01 Z-Vote 1.1 - SQL Injection
iwant-one-ihave-one 2014-08-01 IWantOneButton 3.0.1 - Multiple Vulnerabilities
forum-server 2014-08-01 WP Forum Server <= 1.7.3 - wpf-insert.php edit_post_id Pa...
forum-server 2014-08-01 WP Forum Server <= 1.7.3 - fs-admin/wpf-add-forum.php gro...
forum-server 2014-08-01 WP Forum Server <= 1.7.3 - fs-admin/fs-admin.php Multiple...
forum-server 2014-08-01 WP Forum Server <= 1.7 - SQL Injection
forum-server 2014-08-01 WP Forum Server 1.6.5 - feed.php topic Parameter SQL Inje...
forum-server 2014-08-01 WP Forum Server 1.6.5 - index.php Multiple Parameter SQL ...
relevanssi 2014-08-01 Relevanssi 3.2 - Unspecified SQL Injection
relevanssi 2014-08-01 Relevanssi 2.7.2 - Stored XSS
relevanssi 2015-01-03 Relevanssi <= 3.3.7.1 - Cross-Site Scripting (XSS)
relevanssi 2017-07-16 Relevanssi <= 3.5.7 - Stored Cross-Site Scripting (XSS)
relevanssi 2018-04-09 Relevanssi <= 4.0.4 - Cross-Site Scripting (XSS)
relevanssi 2018-04-12 Relevanssi <= 3.6.0 - Authenticated Admin SQL Injection
gigpress 2014-08-01 GigPress 2.1.10 - Stored Cross-Site Scripting (XSS)
gigpress 2015-05-26 GigPress <= 2.3.8 - Authenticated SQL Injection
gigpress 2015-11-24 GigPress <= 2.3.10 - Authenticated XSS & Blind SQLi
php_speedy_wp 2014-08-01 PHP Speedy <= 0.5.2 - (admin_container.php) Remote Code E...
old-post-spinner 2014-08-01 OPS Old Post Spinner 2.2.1 - LFI
jquery-mega-menu 2014-08-01 jQuery Mega Menu 1.0 - Local File Inclusion
wp-custom-pages 2014-08-01 WP Custom Pages 0.5.0.1 - LFI
flash-album-gallery 2014-08-01 SWFUpload - Cross-Site Scripting (XSS)
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery 2.70- "s" Cross-Site Scripting
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery 2.55 - "gid" SQL Injection
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery - Multiple Vulnerabilities
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery 1.9.0 & 2.0.0 - Multiple Vulner...
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery <= 1.71 - wp-admin/admin.php sk...
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery <= 1.56 - XSS
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery 0.55 - lib/hitcounter.php pid P...
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery 0.55 - admin/news.php want2Read...
flash-album-gallery 2015-11-13 Gr& Flagallery <= 4.24 - Full Path Disclosure
ajax-category-dropdown 2014-08-01 Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities
beer-recipes 2014-08-01 Beer Recipes 1.0 - XSS
is-human 2014-08-01 Is-human <= 1.4.2 - Remote Comm& Execution
editormonkey 2014-08-01 EditorMonkey - (FCKeditor) Arbitrary File Upload
sermon-browser 2014-08-01 SermonBrowser <= 0.43.5 - SQL Injection
wp-symposium 2014-08-01 WP Symposium 13.04 - Unvalidated Redirect
wp-symposium 2014-08-01 WP Symposium 13.02 - Cross-Site Scripting (XSS)
wp-symposium 2014-08-01 WP Symposium <= 12.09 - Multiple SQL Injections
wp-symposium 2014-08-01 WP Symposium <= 12.07.07 - Authentication Bypass
wp-symposium 2014-08-01 WP Symposium <= 12.06.16 - Multiple SQL Injections
wp-symposium 2014-08-01 WP Symposium <= 11.11.26 - Remote File Upload Code Execution
wp-symposium 2014-08-01 WP Symposium <= 11.11.26 - Cross-Site Scripting (XSS)
wp-symposium 2014-08-01 WP Symposium <= 0.64 - SQL Injection
wp-symposium 2014-12-09 WP Symposium <= 14.10 - XSS & SQL Injection
wp-symposium 2014-12-11 WP Symposium <= 14.11 - Unauthenticated Shell Upload
wp-symposium 2015-04-14 WP Symposium <= 15.1 - SQL Injection
wp-symposium 2015-08-09 WP Symposium <= 15.5.1 - Unauthenticated SQL Injection
wp-symposium 2015-08-10 WP Symposium <= 15.1 - Blind SQL Injection
wp-symposium 2015-09-07 WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-...
file-groups 2014-08-01 File Groups <= 1.1.2 - SQL Injection
ip-logger 2014-08-01 IP-Logger <= 3.0 - SQL Injection
odihost-newsletter-plugin 2014-08-01 OdiHost Newsletter <= 1.0 - SQL Injection
easy-contact-form-lite 2014-08-01 Easy Contact Form Lite <= 1.0.7 - SQL Injection
wp-ds-faq-plus 2014-08-01 WP DS FAQ Plus 1.0.3 - Multiple Unspecified CSRF
wp-ds-faq-plus 2014-08-01 WP DS FAQ Plus - Unspecified SQL Injection
allow-php-in-posts-and-pages 2014-08-01 Allow PHP in Posts & Pages <= 2.0.0.RC2 - SQL Injection
global-content-blocks 2014-08-01 Global Content Blocks <= 1.2 - SQL Injection
global-content-blocks 2017-03-03 Global Content Blocks - Cross-Site Request Forgery (CSRF)
ajaxgallery 2014-08-01 Ajax Gallery <= 3.0 - SQL Injection
wp-ds-faq 2014-08-01 WP DS FAQ <= 1.3.2 - ajax.php id Parameter SQL Injection
mm-duplicate 2014-08-01 MM Duplicate <= 1.2 - SQL Injection
wp-menu-creator 2014-08-01 Menu Creator <= 1.1.7 - SQL Injection
advanced-text-widget 2014-08-01 Advanced Text Widget <= 2.0.0 - Cross Site Scripting