WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
instalinker 2016-02-07 InstaLinker <= 1.1.1 - Reflected Cross-Site Scripting (XSS)
duplicate-page-and-post 2017-12-28 Duplicate Page and Post 2.1.0-2.1.1 (current) - Backdoored
zm-gallery 2016-12-20 ZM Gallery 1.0 – Authenticated Blind SQL Injection
js_composer 2015-10-11 Visual Composer <= 4.7.3 - Multiple Unspecified Cross-Sit...
royal-slider 2015-09-13 Royal Slider <= 3.2.6 - Authenticated Cross-Site Scriptin...
ultimate-form-builder-lite 2017-04-20 Contact Form for WordPress – Ultimate Form Builder Lite <...
ultimate-form-builder-lite 2017-10-23 Contact Form for WordPress – Ultimate Form Builder Lite <...
ultimate-form-builder-lite 2018-06-18 Ultimate Form Builder Lite <= 1.3.7 - Multiple Vulnerabil...
social-login-bws 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
wp-whois-domain 2016-12-01 WP Whois Domain - Unauthenticated Cross-Site Scripting (...
wp-cerber 2016-04-01 Cerber Limit Login Attempts <= 2.0.1.6 - Unauthenticated ...
simple-support-ticket-system 2015-10-07 Support Ticket System <= 1.2 - Unauthenticated SQL Injection
resads 2015-10-05 ResAds <= 1.0.1 - Reflected Cross-Site Scripting (XSS)
cysteme-finder 2016-09-05 CYSTEME Finder <= 1.3 - Unauthenticated LFI and Unauthent...
watupro 2015-09-01 WatuPRO <= 4.8.8.4 - Cross-Site Request Forgery (CSRF)
watupro 2017-09-07 WatuPRO <= 5.5.1 - SQL Injection
wp-user-groups 2018-05-14 WP User Groups <= 2.0.0 - Cross-Site Request Forgery (CSRF)
content-cards 2017-12-04 Content Cards <= 0.9.6 - Cross-Site Scripting (XSS)
car-rental-system 2015-08-26 Car Rental System <= 3.0 - SQL Injection
wp-limit-login-attempts 2015-09-09 WP Limit Login Attempts <= 2.0.0 - Unauthenticated SQL In...
wp-advance-comment 2016-03-13 WP Advanced Comment <= 0.10 - Stored Cross-Site Scripting...
social-login-bws 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
gravitate-qa-tracker 2017-05-21 Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Objec...
z-url-preview 2018-01-08 Z-URL Preview <= 1.6.2 - Cross-Site Scripting (XSS)
woo-order-export-lite 2018-06-21 Advanced Order Export For WooCommerce <= 1.5.4 - CSV Inje...
propertyhive 2018-02-01 PropertyHive <= 1.4.14 - Cross-Site Scripting (XSS)
propertyhive 2018-12-06 PropertyHive <= 1.4.25 - Unvalidated Input to do_action()
mdc-private-message 2015-08-22 MDC Private Message <= 1.0.0 - Authenticated Stored Cross...
faq-wd 2016-04-17 FAQ WD <= 1.0.14 - Cross-Site Scripting (XSS)
zx-csv-upload 2016-12-20 ZX_CSV Upload 1 – Authenticated SQL Injection
payment-form-for-paypal-pro 2015-10-11 Payment Form for PayPal Pro <= 1.0.1 - Multiple Reflected...
hide_my_wp 2015-07-29 Hide My WP <= 4.51.1 - Stored Cross-Site Scripting (XSS)
hide_my_wp 2015-08-13 Hide My WP <= 4.53 - Stored-Cross Site Scripting (XSS)
sirv 2016-11-21 Sirv <= 1.3.1 - Authenticated SQL Injection
robo-gallery 2016-04-12 Robo Gallery <= 2.0.14 - Remote Code Execution