WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
meenews 2014-08-01 meenews 5.1 - Cross-Site Scripting Vulnerabilities
clickdesk-live-support-chat 2014-08-01 Click Desk Live Support Chat - Cross Site Scripting
adminimize 2014-08-01 adminimize 1.7.21 - 'page' Parameter Cross Site Scripting
cevhershare 2014-08-01 CevherShare 2.0 - SQL Injection
disqus-comment-system 2014-08-01 Disqus <= 2.75 - Remote Code Execution (RCE)
disqus-comment-system 2014-08-01 Disqus Comment System <= 2.68 - Reflected Cross-Site Scri...
disqus-comment-system 2014-08-01 Disqus Blog Comments <= 2.77 - Blind SQL Injection
disqus-comment-system 2014-09-17 Disqus <= 2.77 - Cross-Site Request Forgery (CSRF)
disqus-comment-system 2014-09-17 Disqus <= 2.75 - Cross-Site Scripting (XSS) & CSRF
wp-recaptcha 2014-08-01 Google reCAPTCHA <= 3.1.3 - Reflected XSS
link-library 2014-08-01 Link Library 5.1.6 - link-library-ajax.php Multiple Param...
link-library 2014-08-01 Link Library 5.0.8 - wp-content/plugins/link-library/trac...
link-library 2014-08-01 Link Library 5.0.8 - wp-content/plugins/link-library/trac...
link-library 2014-08-01 Link Library <= 5.2.1 - SQL Injection
link-library 2016-08-16 Link Library <= 5.9.12.29 - Authenticated Reflected Cross...
link-library 2017-08-16 Link-Library <= 5.9.13.26 – Authenticated SQL Injection
pay-with-tweet 2014-08-01 Pay With Tweet <= 1.1 - Multiple Vulnerabilities
wp-whois 2014-08-01 Whois Search <= 1.4.2 - Cross Site Scripting
upm-polls 2014-08-01 UPM-POLLS 1.0.4 - BLIND SQL injection
count-per-day 2014-08-01 Count Per Day <= 3.2.5 - daytoshow Parameter XSS
count-per-day 2014-08-01 Count per Day 3.2.5 - counter.php HTTP Referer Header XSS
count-per-day 2014-08-01 Count Per Day 3.2.3 - Multiple Script Direct Request Path...
count-per-day 2014-08-01 Count Per Day <= 3.2.3 - notes.php note Parameter XSS
count-per-day 2014-08-01 Count Per Day 3.1.1 - userperspan.php Multiple Parameter XSS
count-per-day 2014-08-01 Count Per Day <= 3.1 - download.php f Parameter Traversal...
count-per-day 2014-08-01 Count Per Day <= 3.1 - map.php map Parameter XSS
count-per-day 2014-08-01 Count per Day <= 2.17 - SQL Injection
count-per-day 2015-07-23 Count Per Day 3.4 - SQL Injection
count-per-day 2016-08-08 Count Per Day <= 3.5.4 - Stored Cross-Site Scripting (XSS)
count-per-day 2016-08-12 Count per Day <= 3.5.4 - Authenticated Reflected Cross-Si...
wp-autoyoutube 2014-08-01 WP-AutoYoutube <= 0.1 - Blind SQL Injection
age-verification 2014-08-01 Age Verification <= 0.4 - Open Redirect
yousaytoo-auto-publishing-p... 2014-08-01 Yousaytoo Auto Publishing <= 1.0 - Cross Site Scripting
allwebmenus-wordpress-menu-... 2014-08-01 AllWebMenus Shell Upload <= 1.1.9 - Shell Upload
allwebmenus-wordpress-menu-... 2014-08-01 AllWebMenus 1.1.3 - Remote File Inclusion
shortcode-redirect 2014-08-01 Shortcode Redirect <= 1.0.01 - Stored Cross Site Scripting
ucan-post 2014-08-01 uCan Post <= 1.0.09 - Stored XSS
wp-cycle-playlist 2014-08-01 WP Cycle Playlist - Multiple Vulnerabilities
myeasybackup 2014-08-01 myEASYbackup 1.0.8.1 - Directory Traversal
register-plus-redux 2014-08-01 Register Plus Redux <= 3.8.3 - Cross Site Scripting
magn-html5-drag-and-drop-me... 2014-08-01 Magn WP Drag & Drop <= 1.1.4 - Upload Shell Upload
kish-guest-posting 2014-08-01 Kish Guest Posting 1.2 - Arbitrary File Upload
all-in-one-event-calendar 2014-08-01 All-in-One Event Calendar 1.9 - wp-admin/post-new.php Mul...
all-in-one-event-calendar 2014-08-01 All-in-One Event Calendar 1.9 - index.php Multiple Parame...
all-in-one-event-calendar 2014-09-27 All-in-One Event Calendar Plugin 1.4 & 1.5 Multiple XSS
buddypress 2014-08-01 Buddypress <= 1.9.1 - Crafted bp_new_group_id Cookie Arbi...
buddypress 2014-08-01 Buddypress <= 1.9.1 - Stored Cross-Site Scripting (XSS)
buddypress 2014-08-01 BuddyPress 1.7.1 - Multiple SQL Injections
buddypress 2014-08-01 Buddypress <= 1.5.4 - SQL Injection
buddypress 2014-08-01 BuddyPress 1.2.9 - SQL Injection
buddypress 2015-11-12 BuddyPress <= 2.3.4 - Authenticated Privilege Escalation
buddypress 2017-01-03 BuddyPress 2.0-2.7.3 - Arbitrary File Deletion
cms-tree-page-view 2014-08-01 CMS Tree Page View 1.2.4 - Page Creation CSRF
cms-tree-page-view 2014-08-01 CMS Tree Page View 0.8.8 - XSS
cms-tree-page-view 2015-04-27 CMS Tree Page View 1.2.31 - Multiple Parameter XSS
organizer 2014-08-01 Organizer 1.2.1 - Cross Site Scripting / Path Disclosure
zingiri-tickets 2014-08-01 Zingiri Tickets - File Disclosure
deans-fckeditor-with-pwwang... 2014-08-01 FCKeditor Deans With Pwwangs Code <= 1.0.0 - Remote Shell...
zingiri-web-shop 2014-08-01 Zingiri Web Shop 2.6.4 - mform.php Unspecified Issue
zingiri-web-shop 2014-08-01 Zingiri Web Shop - Cookie SQL Injection
zingiri-web-shop 2014-08-01 Zingiri Web Shop <= 2.4.0 - zing.inc.php page Parameter XSS
zingiri-web-shop 2014-08-01 Zingiri Web Shop <= 2.4.0 - onecheckout.php notes Paramet...
zingiri-web-shop 2014-09-28 Zingiri Web Shop 2.2.0 - init.inc wpabspath Parameter Rem...
custom-contact-forms 2014-08-01 Custom Contact Forms <= 5.0.0.1 - Cross Site Scripting
custom-contact-forms 2014-09-17 Custom Contact Forms <= 5.1.0.3 Database Import/Export