WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
firestats 2014-08-01 Firestats - Remote Configuration File Download
simple-press 2014-08-01 Simple Press - SQL Injection
mingle-forum 2014-08-01 Mingle Forum <= 1.0.32.1 - Cross Site Scripting / SQL Inj...
mingle-forum 2014-08-01 Mingle Forum <= 1.0.31 - SQL Injection
mingle-forum 2014-08-01 Mingle Forum <= 1.0.26 - Multiple Vulnerabilities
mingle-forum 2014-08-01 Mingle Forum <= 1.0.33 - Cross Site Scripting
mingle-forum 2014-08-01 Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Paramet...
mingle-forum 2014-08-01 Mingle Forum 1.0.33.3 - wpf.class.php search_words Parame...
mingle-forum 2014-08-01 Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter ...
mingle-forum 2014-08-01 Mingle Forum 1.0.35 - Privilege Escalation CSRF
mingle-forum 2014-09-27 Mingle Forum 1.0.28 - XSS & FPD
accept-signups 2014-08-01 Accept Signups 0.1 - XSS
events-manager-extended 2014-08-01 Events Manager Extended - Stored XSS
nextgen-smooth-gallery 2014-08-01 NextGEN Smooth Gallery - Blind SQL Injection
nextgen-smooth-gallery 2014-08-01 NextGen Smooth Gallery - XSS
comment-rating 2014-08-01 Comment Rating 2.9.32 - Security Bypass Weakness & SQL In...
comment-rating 2014-08-01 Comment Rating 2.9.23 - Multiple Vulnerabilities
z-vote 2014-08-01 Z-Vote 1.1 - SQL Injection
user-photo 2014-08-01 User Photo - Component Remote File Upload
enable-media-replace 2014-08-01 Enable Media Replace <= 2.3 - Multiple Vulnerabilities
iwant-one-ihave-one 2014-08-01 IWantOneButton 3.0.1 - Multiple Vulnerabilities
forum-server 2014-08-01 WP Forum Server <= 1.7.3 - wpf-insert.php edit_post_id Pa...
forum-server 2014-08-01 WP Forum Server <= 1.7.3 - fs-admin/wpf-add-forum.php gro...
forum-server 2014-08-01 WP Forum Server <= 1.7.3 - fs-admin/fs-admin.php Multiple...
forum-server 2014-08-01 WP Forum Server <= 1.7 - SQL Injection
forum-server 2014-08-01 WP Forum Server 1.6.5 - feed.php topic Parameter SQL Inje...
forum-server 2014-08-01 WP Forum Server 1.6.5 - index.php Multiple Parameter SQL ...
relevanssi 2014-08-01 Relevanssi 3.2 - Unspecified SQL Injection
relevanssi 2014-08-01 Relevanssi 2.7.2 - Stored XSS
relevanssi 2015-01-03 Relevanssi <= 3.3.7.1 - Cross-Site Scripting (XSS)
relevanssi 2017-07-16 Relevanssi <= 3.5.7 - Stored Cross-Site Scripting (XSS)
relevanssi 2018-04-09 Relevanssi <= 4.0.4 - Cross-Site Scripting (XSS)
relevanssi 2018-04-12 Relevanssi <= 3.6.0 - Authenticated Admin SQL Injection
gigpress 2014-08-01 GigPress 2.1.10 - Stored Cross-Site Scripting (XSS)
gigpress 2015-05-26 GigPress <= 2.3.8 - Authenticated SQL Injection
gigpress 2015-11-24 GigPress <= 2.3.10 - Authenticated XSS & Blind SQLi
php_speedy_wp 2014-08-01 PHP Speedy <= 0.5.2 - (admin_container.php) Remote Code E...
old-post-spinner 2014-08-01 OPS Old Post Spinner 2.2.1 - LFI
jquery-mega-menu 2014-08-01 jQuery Mega Menu 1.0 - Local File Inclusion
ajax-category-dropdown 2014-08-01 Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities
wp-custom-pages 2014-08-01 WP Custom Pages 0.5.0.1 - LFI
flash-album-gallery 2014-08-01 SWFUpload - Cross-Site Scripting (XSS)
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery 2.70- "s" Cross-Site Scripting
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery 2.55 - "gid" SQL Injection
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery - Multiple Vulnerabilities
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery 1.9.0 & 2.0.0 - Multiple Vulner...
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery <= 1.71 - wp-admin/admin.php sk...
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery <= 1.56 - XSS
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery 0.55 - lib/hitcounter.php pid P...
flash-album-gallery 2014-08-01 GRAND Flash Album Gallery 0.55 - admin/news.php want2Read...
flash-album-gallery 2015-11-13 Gr& Flagallery <= 4.24 - Full Path Disclosure
beer-recipes 2014-08-01 Beer Recipes 1.0 - XSS
is-human 2014-08-01 Is-human <= 1.4.2 - Remote Comm& Execution
editormonkey 2014-08-01 EditorMonkey - (FCKeditor) Arbitrary File Upload
sermon-browser 2014-08-01 SermonBrowser <= 0.43.5 - SQL Injection
file-groups 2014-08-01 File Groups <= 1.1.2 - SQL Injection
ip-logger 2014-08-01 IP-Logger <= 3.0 - SQL Injection
wp-symposium 2014-08-01 WP Symposium 13.04 - Unvalidated Redirect
wp-symposium 2014-08-01 WP Symposium 13.02 - Cross-Site Scripting (XSS)
wp-symposium 2014-08-01 WP Symposium <= 12.09 - Multiple SQL Injections
wp-symposium 2014-08-01 WP Symposium <= 12.07.07 - Authentication Bypass
wp-symposium 2014-08-01 WP Symposium <= 12.06.16 - Multiple SQL Injections
wp-symposium 2014-08-01 WP Symposium <= 11.11.26 - Remote File Upload Code Execution
wp-symposium 2014-08-01 WP Symposium <= 11.11.26 - Cross-Site Scripting (XSS)
wp-symposium 2014-08-01 WP Symposium <= 0.64 - SQL Injection
wp-symposium 2014-12-09 WP Symposium <= 14.10 - XSS & SQL Injection
wp-symposium 2014-12-11 WP Symposium <= 14.11 - Unauthenticated Shell Upload
wp-symposium 2015-04-14 WP Symposium <= 15.1 - SQL Injection
wp-symposium 2015-08-09 WP Symposium <= 15.5.1 - Unauthenticated SQL Injection
wp-symposium 2015-08-10 WP Symposium <= 15.1 - Blind SQL Injection
wp-symposium 2015-09-07 WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-...
wp-ds-faq-plus 2014-08-01 WP DS FAQ Plus 1.0.3 - Multiple Unspecified CSRF
wp-ds-faq-plus 2014-08-01 WP DS FAQ Plus - Unspecified SQL Injection
odihost-newsletter-plugin 2014-08-01 OdiHost Newsletter <= 1.0 - SQL Injection
easy-contact-form-lite 2014-08-01 Easy Contact Form Lite <= 1.0.7 - SQL Injection