WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
ip-logger 2014-08-01 IP-Logger <= 3.0 - SQL Injection
wp-symposium 2014-08-01 WP Symposium 13.04 - Unvalidated Redirect
wp-symposium 2014-08-01 WP Symposium 13.02 - Cross-Site Scripting (XSS)
wp-symposium 2014-08-01 WP Symposium <= 12.09 - Multiple SQL Injections
wp-symposium 2014-08-01 WP Symposium <= 12.07.07 - Authentication Bypass
wp-symposium 2014-08-01 WP Symposium <= 12.06.16 - Multiple SQL Injections
wp-symposium 2014-08-01 WP Symposium <= 11.11.26 - Remote File Upload Code Execution
wp-symposium 2014-08-01 WP Symposium <= 11.11.26 - Cross-Site Scripting (XSS)
wp-symposium 2014-08-01 WP Symposium <= 0.64 - SQL Injection
wp-symposium 2014-12-09 WP Symposium <= 14.10 - XSS & SQL Injection
wp-symposium 2014-12-11 WP Symposium <= 14.11 - Unauthenticated Shell Upload
wp-symposium 2015-04-14 WP Symposium <= 15.1 - SQL Injection
wp-symposium 2015-08-09 WP Symposium <= 15.5.1 - Unauthenticated SQL Injection
wp-symposium 2015-08-10 WP Symposium <= 15.1 - Blind SQL Injection
wp-symposium 2015-09-07 WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-...
wp-ds-faq-plus 2014-08-01 WP DS FAQ Plus 1.0.3 - Multiple Unspecified CSRF
wp-ds-faq-plus 2014-08-01 WP DS FAQ Plus - Unspecified SQL Injection
odihost-newsletter-plugin 2014-08-01 OdiHost Newsletter <= 1.0 - SQL Injection
easy-contact-form-lite 2014-08-01 Easy Contact Form Lite <= 1.0.7 - SQL Injection
allow-php-in-posts-and-pages 2014-08-01 Allow PHP in Posts & Pages <= 2.0.0.RC2 - SQL Injection
global-content-blocks 2014-08-01 Global Content Blocks <= 1.2 - SQL Injection
global-content-blocks 2017-03-03 Global Content Blocks - Cross-Site Request Forgery (CSRF)
ajaxgallery 2014-08-01 Ajax Gallery <= 3.0 - SQL Injection
wp-ds-faq 2014-08-01 WP DS FAQ <= 1.3.2 - ajax.php id Parameter SQL Injection
mm-duplicate 2014-08-01 MM Duplicate <= 1.2 - SQL Injection
wp-menu-creator 2014-08-01 Menu Creator <= 1.1.7 - SQL Injection
advanced-text-widget 2014-08-01 Advanced Text Widget <= 2.0.0 - Cross Site Scripting
meenews 2014-08-01 meenews 5.1 - Cross-Site Scripting Vulnerabilities
clickdesk-live-support-chat 2014-08-01 Click Desk Live Support Chat - Cross Site Scripting
adminimize 2014-08-01 adminimize 1.7.21 - 'page' Parameter Cross Site Scripting
disqus-comment-system 2014-08-01 Disqus <= 2.75 - Remote Code Execution (RCE)
disqus-comment-system 2014-08-01 Disqus Comment System <= 2.68 - Reflected Cross-Site Scri...
disqus-comment-system 2014-08-01 Disqus Blog Comments <= 2.77 - Blind SQL Injection
disqus-comment-system 2014-09-17 Disqus <= 2.77 - Cross-Site Request Forgery (CSRF)
disqus-comment-system 2014-09-17 Disqus <= 2.75 - Cross-Site Scripting (XSS) & CSRF
wp-recaptcha 2014-08-01 Google reCAPTCHA <= 3.1.3 - Reflected XSS
link-library 2014-08-01 Link Library 5.1.6 - link-library-ajax.php Multiple Param...
link-library 2014-08-01 Link Library 5.0.8 - wp-content/plugins/link-library/trac...
link-library 2014-08-01 Link Library 5.0.8 - wp-content/plugins/link-library/trac...
link-library 2014-08-01 Link Library <= 5.2.1 - SQL Injection
link-library 2016-08-16 Link Library <= 5.9.12.29 - Authenticated Reflected Cross...
link-library 2017-08-16 Link-Library <= 5.9.13.26 – Authenticated SQL Injection
cevhershare 2014-08-01 CevherShare 2.0 - SQL Injection
pay-with-tweet 2014-08-01 Pay With Tweet <= 1.1 - Multiple Vulnerabilities
wp-whois 2014-08-01 Whois Search <= 1.4.2 - Cross Site Scripting
upm-polls 2014-08-01 UPM-POLLS 1.0.4 - BLIND SQL injection
count-per-day 2014-08-01 Count Per Day <= 3.2.5 - daytoshow Parameter XSS
count-per-day 2014-08-01 Count per Day 3.2.5 - counter.php HTTP Referer Header XSS
count-per-day 2014-08-01 Count Per Day 3.2.3 - Multiple Script Direct Request Path...
count-per-day 2014-08-01 Count Per Day <= 3.2.3 - notes.php note Parameter XSS
count-per-day 2014-08-01 Count Per Day 3.1.1 - userperspan.php Multiple Parameter XSS
count-per-day 2014-08-01 Count Per Day <= 3.1 - download.php f Parameter Traversal...
count-per-day 2014-08-01 Count Per Day <= 3.1 - map.php map Parameter XSS
count-per-day 2014-08-01 Count per Day <= 2.17 - SQL Injection
count-per-day 2015-07-23 Count Per Day 3.4 - SQL Injection
count-per-day 2016-08-08 Count Per Day <= 3.5.4 - Stored Cross-Site Scripting (XSS)
count-per-day 2016-08-12 Count per Day <= 3.5.4 - Authenticated Reflected Cross-Si...
wp-autoyoutube 2014-08-01 WP-AutoYoutube <= 0.1 - Blind SQL Injection
age-verification 2014-08-01 Age Verification <= 0.4 - Open Redirect
yousaytoo-auto-publishing-p... 2014-08-01 Yousaytoo Auto Publishing <= 1.0 - Cross Site Scripting
allwebmenus-wordpress-menu-... 2014-08-01 AllWebMenus Shell Upload <= 1.1.9 - Shell Upload
allwebmenus-wordpress-menu-... 2014-08-01 AllWebMenus 1.1.3 - Remote File Inclusion
shortcode-redirect 2014-08-01 Shortcode Redirect <= 1.0.01 - Stored Cross Site Scripting
ucan-post 2014-08-01 uCan Post <= 1.0.09 - Stored XSS
wp-cycle-playlist 2014-08-01 WP Cycle Playlist - Multiple Vulnerabilities