WordPress Plugin Vulnerabilities

Name Added Title
downloads-manager 2014-08-01 Download Manager 0.2 - Arbitrary File Upload Exploit
my-category-order 2014-08-01 My Category Order <= 2.8 - SQL Injection
my-category-order 2015-11-22 My Category Order <= 4.3 - Authenticated Cross-Site Scrip...
related-sites 2014-08-01 Related Sites 2.1 - Blind SQL Injection
dm-albums 2014-08-01 SWFUpload - Cross-Site Scripting (XSS)
dm-albums 2014-08-01 DM Albums - Multiple Remote File Disclosure
photoracer 2014-08-01 Photoracer 1.0 - (id) SQL Injection
photoracer 2014-08-01 Photoracer <= 1.0 - SQL Injection
photoracer 2014-08-01 Photoracer <= 1.0 - Multiple Vulnerabilities
wp-lytebox 2014-08-01 Lytebox - Local File Inclusion
events-calendar 2014-08-01 Events Calendar - SQL Injection
events-calendar 2014-08-01 Events Calendar - wp-admin/admin.php EC_id Parameter XSS
ImageManager 2014-08-01 Image Manager - Shell Upload
wp-cumulus 2014-08-01 WP-Cumulus <= 1.20 - Vulnerabilities
wp-cumulus 2014-08-01 WP-Cumulus - Cross Site Scripting Vulnerability
wp-syntax 2014-08-01 WP-Syntax < 0.9.10 - Remote Command Execution
cimy-counter 2014-08-01 Cimy Counter - Vulnerabilities
nextgen-gallery 2014-08-01 NextGEN Gallery <= 2.0.63 - Arbitrary File Upload
nextgen-gallery 2014-08-01 NextGEN Gallery 2.0.0 - Directory Traversal
nextgen-gallery 2014-08-01 NextGEN Gallery - swfupload.swf Cross-Site Scripting (XSS)
nextgen-gallery 2014-08-01 NextGEN Gallery 1.9.12 - Arbitrary File Upload
nextgen-gallery 2014-08-01 NextGEN Gallery 1.9.11 - Full Path Disclosure
nextgen-gallery 2014-08-01 NextGEN Gallery 1.9.5 - gallerypath Parameter Stored XSS
nextgen-gallery 2014-08-01 NextGEN Gallery <= 1.9.0 - Multiple Cross-Site Scripting ...
nextgen-gallery 2014-08-01 NextGEN Gallery <= 1.8.3 - XSS & CSRF
nextgen-gallery 2014-08-01 NextGEN Gallery <= 1.7.3 - xml/ajax.php Path Disclosure
nextgen-gallery 2014-08-01 NextGEN Gallery <= 1.5.1 - Cross-Site Scripting (XSS)
nextgen-gallery 2015-03-25 NextGEN Gallery <= 2.0.77 - CSRF & Arbitrary File Upload
nextgen-gallery 2015-08-28 NextGEN Gallery <= 2.1.7 - Authenticated Path Traversal
nextgen-gallery 2016-11-16 NextGEN Gallery <= 2.1.56 - Authenticated Local File Incl...
nextgen-gallery 2017-02-27 NextGEN Gallery <= 2.1.77 - Unauthenticated SQL Injection
nextgen-gallery 2018-03-02 NextGEN Gallery <= 2.2.46 - Gallery Paths Not Secured
nextgen-gallery 2018-05-03 NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)
nextgen-gallery 2019-02-05 NextGen Gallery <= 3.1.5 - Authenticated PHP Object Injec...
wp-affiliate-disclosure 2019-03-01 Freemius Library <= 2.2.3 - Authenticated Option Update
cpl 2014-08-01 Copperleaf Photolog - SQL injection
mylinksdump 2014-08-01 myLDlinker - SQL Injection
firestats 2014-08-01 Firestats - Remote Configuration File Download
simple-press 2014-08-01 Simple Press - SQL Injection
mingle-forum 2014-08-01 Mingle Forum <= 1.0.32.1 - Cross Site Scripting / SQL Inj...
mingle-forum 2014-08-01 Mingle Forum <= 1.0.31 - SQL Injection
mingle-forum 2014-08-01 Mingle Forum <= 1.0.26 - Multiple Vulnerabilities
mingle-forum 2014-08-01 Mingle Forum <= 1.0.33 - Cross Site Scripting
mingle-forum 2014-08-01 Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Paramet...
mingle-forum 2014-08-01 Mingle Forum 1.0.33.3 - wpf.class.php search_words Parame...
mingle-forum 2014-08-01 Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter ...
mingle-forum 2014-08-01 Mingle Forum 1.0.35 - Privilege Escalation CSRF
mingle-forum 2014-09-27 Mingle Forum 1.0.28 - XSS & FPD
accept-signups 2014-08-01 Accept Signups 0.1 - XSS
events-manager-extended 2014-08-01 Events Manager Extended - Stored XSS
nextgen-smooth-gallery 2014-08-01 NextGEN Smooth Gallery - Blind SQL Injection
nextgen-smooth-gallery 2014-08-01 NextGen Smooth Gallery - XSS
comment-rating 2014-08-01 Comment Rating 2.9.32 - Security Bypass Weakness & SQL In...
comment-rating 2014-08-01 Comment Rating 2.9.23 - Multiple Vulnerabilities
z-vote 2014-08-01 Z-Vote 1.1 - SQL Injection
user-photo 2014-08-01 User Photo - Component Remote File Upload
enable-media-replace 2014-08-01 Enable Media Replace <= 2.3 - Multiple Vulnerabilities
relevanssi 2014-08-01 Relevanssi 3.2 - Unspecified SQL Injection
relevanssi 2014-08-01 Relevanssi 2.7.2 - Stored XSS
relevanssi 2015-01-03 Relevanssi <= 3.3.7.1 - Cross-Site Scripting (XSS)
relevanssi 2017-07-16 Relevanssi <= 3.5.7 - Stored Cross-Site Scripting (XSS)
relevanssi 2018-04-09 Relevanssi <= 4.0.4 - Cross-Site Scripting (XSS)
relevanssi 2018-04-12 Relevanssi <= 3.6.0 - Authenticated Admin SQL Injection
gigpress 2014-08-01 GigPress 2.1.10 - Stored Cross-Site Scripting (XSS)
gigpress 2015-05-26 GigPress <= 2.3.8 - Authenticated SQL Injection
gigpress 2015-11-24 GigPress <= 2.3.10 - Authenticated XSS & Blind SQLi
iwant-one-ihave-one 2014-08-01 IWantOneButton 3.0.1 - Multiple Vulnerabilities
forum-server 2014-08-01 WP Forum Server <= 1.7.3 - wpf-insert.php edit_post_id Pa...
forum-server 2014-08-01 WP Forum Server <= 1.7.3 - fs-admin/wpf-add-forum.php gro...
forum-server 2014-08-01 WP Forum Server <= 1.7.3 - fs-admin/fs-admin.php Multiple...
forum-server 2014-08-01 WP Forum Server <= 1.7 - SQL Injection
forum-server 2014-08-01 WP Forum Server 1.6.5 - feed.php topic Parameter SQL Inje...
forum-server 2014-08-01 WP Forum Server 1.6.5 - index.php Multiple Parameter SQL ...
php_speedy_wp 2014-08-01 PHP Speedy <= 0.5.2 - (admin_container.php) Remote Code E...
old-post-spinner 2014-08-01 OPS Old Post Spinner 2.2.1 - LFI