WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
browser-rejector 2014-08-01 Browser Rejector - Remote & Local File Inclusion
w3-total-cache 2014-08-01 W3 Total Cache 0.9.2.4 - Username & Hash Extract
w3-total-cache 2014-08-01 W3 Total Cache - Remote Code Execution
w3-total-cache 2014-09-28 W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF
w3-total-cache 2014-12-12 W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)
w3-total-cache 2014-12-12 W3 Total Cache <= 0.9.4 - Debug Mode XSS
w3-total-cache 2016-09-22 W3 Total Cache <= 0.9.4.1 - Authenticated Reflected Cross...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Toke...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File ...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File ...
w3-total-cache 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary PHP C...
w3-total-cache 2016-11-01 W3 Total Cache <= 0.9.4 - Unauthenticated Server Side Req...
w3-total-cache 2016-11-14 W3 Total Cache <= 0.9.4.1 - Weak Validation of Amazon SN...
w3-total-cache 2016-11-14 W3 Total Cache <= 0.9.4.1 - Information Disclosure Race C...
w3-total-cache 2019-04-02 W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary ...
w3-total-cache 2019-05-06 W3 Total Cache < 0.9.7.3 - Cryptographic Signature Bypass
w3-total-cache 2019-05-06 W3 Total Cache <= 0.9.7.3 - Cross-Site Scripting (XSS)
w3-total-cache 2019-05-06 W3 Total Cache <= 0.9.7.3 - SSRF / RCE via phar
wp-super-cache 2014-08-01 WP-Super-Cache 1.3 - Remote Code Execution
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Func...
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI...
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS
wp-super-cache 2014-08-01 WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php...
wp-super-cache 2015-04-07 WP Super Cache <= 1.4.2 - Stored Cross-Site Scripting (XSS)
wp-super-cache 2015-09-26 WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)
wp-super-cache 2015-09-26 WP Super Cache <= 1.4.4 - PHP Object Injection
ripe-hd-player 2014-08-01 ripe-hd-player 1.0 - ripe-hd-player/config.php id Paramet...
ripe-hd-player 2014-08-01 ripe-hd-player 1.0 - Multiple Script Direct Request Path ...
floating-tweets 2014-08-01 floating-tweets - Stored XSS
floating-tweets 2014-08-01 floating-tweets - directory traversal
wp-photo-album-plus 2014-08-01 WP Photo Album Plus <= 4.1.1 - SQL Injection
wp-photo-album-plus 2014-08-01 WP Photo Album Plus < 4.8.12 - wp-photo-album-plus.php wp...
wp-photo-album-plus 2014-08-01 WP Photo Album Plus - Full Path Disclosure
wp-photo-album-plus 2014-08-01 WP Photo Album Plus - index.php wppa-tag Parameter XSS
wp-photo-album-plus 2014-08-01 WP Photo Album Plus - "commentid" Cross-Site Scripting
wp-photo-album-plus 2014-08-01 WP Photo Album Plus - wp-admin/admin.php edit_id Paramete...
wp-photo-album-plus 2014-09-17 WP Photo Album Plus 5.4.5 - 5.4.8 Stored XSS
wp-photo-album-plus 2014-09-28 WP Photo Album Plus 5.4.4 & 5.4.3 Cross-Site Scripting (XSS)
wp-photo-album-plus 2014-11-24 WP Photo Album Plus 5.4.17 Reflected XSS
wp-photo-album-plus 2015-05-20 WP Photo Album Plus <= 6.1.2 - Stored Cross-Site Scriptin...
backwpup 2014-08-01 BackWPup 2.1.4 - Code Execution
backwpup 2014-08-01 BackWPup <= 3.0.12 - Authenticated Cross-Site Scripting (...
backwpup 2017-09-28 BackWPup <= 3.4.1 - Backup File Download
portable-phpmyadmin 2014-08-01 portable-phpMyAdmin - Authentication Bypass
portable-phpmyadmin 2014-08-01 Portable phpMyAdmin - /pma/phpinfo.php Direct Request Sys...
portable-phpmyadmin 2014-08-01 Portable phpMyAdmin 1.4.1 - Multiple Script Direct Reques...
super-refer-a-friend 2014-08-01 super-refer-a-friend - Full Path Disclosure
contact-form-wordpress 2014-08-01 Contact Form <= 2.7.5 - SQL Injection
adrotate 2014-08-01 AdRotate <= 3.9.4 - clicktracker.php track Parameter SQL ...
adrotate 2014-08-01 AdRotate <= 3.6.6 - SQL Injection
adrotate 2014-08-01 AdRotate <= 3.6.5 - SQL Injection
wp-spamfree 2014-08-01 WP-SpamFree 3.2.1 - Spam SQL Injection
wp-spamfree 2017-03-02 WP-SpamFree Anti-Spam - Authenticated Reflected Cross-Sit...
gd-star-rating 2014-08-01 GD Star Rating 1.9.22 - SQL Injection
gd-star-rating 2014-08-01 GD Star Rating 1.9.22 - Cross-Site Request Forgery (CSRF)
gd-star-rating 2014-08-01 GD Star Rating 1.9.18 - Export Security Bypass
gd-star-rating 2014-08-01 GD Star Rating <= 1.9.16 - Cross-Site Scripting (XSS)
gd-star-rating 2014-08-01 GD Star Rating <= 1.9.10 - SQL Injection
gd-star-rating 2014-08-01 GD Star Rating 1.9.7 - Cross-Site Scripting (XSS)
really-easy-slider 2014-08-01 Really Easy Slider 0.1 - Shell Upload
verve-meta-boxes 2014-08-01 Verve Meta Boxes 1.2.8 - Shell Upload
user-avatar 2014-08-01 User Avatar 1.3.7 - shell upload
extend-wordpress 2014-08-01 Extend 1.3.7 - Shell Upload
cms-pack-cache 2014-08-01 Cms Pack 1.3 - Shell Upload
a-gallery 2014-08-01 A Gallery 0.9 - Shell Upload
category-list-portfolio-page 2014-08-01 Category List Portfolio Page 0.9 - Shell Upload
rent-a-car 2014-08-01 Rent A Car 1.0 - Shell Upload
lisl-last-image-slider 2014-08-01 LISL Last Image Slider 1.0 - Shell Upload
islidex 2014-08-01 Islidex 2.7 - Shell Upload
kino-gallery 2014-08-01 Kino Gallery 1.0 - Shell Upload
rekt-slideshow 2014-08-01 Rekt Slideshow 1.0.5 - Shell Upload
cac-featured-content 2014-08-01 CAC Featured Content 0.8 - Shell Upload
wp-marketplace 2014-08-01 WP Marketplace 1.1.0 - Shell Upload
dp-thumbnail 2014-08-01 DP Thumbnail 1.0 - Shell Upload
vk-gallery 2014-08-01 Vk Gallery 1.1.0 - Shell Upload
relocate-upload 2014-08-01 Relocate Upload 0.14 - Remote File Inclusion