WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
wp-automatic 2014-08-01 Automatic 2.0.3 - csv.php q Parameter SQL Injection
flipbook 2014-08-01 Flip Book 1.0 - Shell Upload
ajax_multi_upload 2014-08-01 Ajax Multi Upload 1.1 - Shell Upload
website-faq 2014-08-01 Website FAQ 1.0 - wp-admin/admin-ajax.php category Parame...
radykal-fancy-gallery 2014-08-01 Fancy Gallery 1.2.4 - Shell Upload
moodthingy-mood-rating-widget 2014-08-01 MoodThingy Widget <= 0.9.1 - Multiple SQL Injection
paid-business-listings 2014-08-01 Paid Business Listings - Blind SQL Injection
backup 2016-02-17 Backup Guard <= 1.0.2 - Arbitrary File Upload
backup 2017-08-29 BackupGuard <= 1.1.46 - Authenticated Cross-Site Scriptin...
rsvpmaker 2014-08-01 RSVPMaker 2.5.4 - index.php RSVP Form Multiple Field XSS
mz-jajak 2014-08-01 Mz-jajak <= 2.1 - index.php id Parameter SQL Injection
resume-submissions-job-post... 2014-08-01 Resume Submissions Job Posting <= 2.5.1 - Unrestricted Fi...
resume-submissions-job-post... 2016-06-27 Resume Submissions & Job Postings - Stored Cross-Site Scr...
wp-predict 2014-08-01 WP-Predict 1.0 - Blind SQL Injection
threewp-email-reflector 2014-08-01 ThreeWP Email Reflector 1.13 - Subject Field XSS
wp-simplemail 2014-08-01 SimpleMail 1.0.6 - Stored XSS
postie 2014-08-01 Postie 1.4.3 - Stored XSS
rich-widget 2014-08-01 Rich Widget - File Upload
monsters-editor-10-for-wp-s... 2014-08-01 Monsters Editor - Arbitrary File Upload
quick-post-widget 2014-08-01 Quick Post Widget 1.9.1 - Multiple Cross-Site Scripting (...
quick-post-widget 2014-08-27 Quick Post Widget 1.9.1 - Multiple Function CSRF
nextgen_cu3er_gallery 2014-08-01 NextGen Cu3er Gallery - Information Disclosure
social-discussions 2014-08-01 Social Discussions - Multiple Path Disclosure
social-discussions 2014-08-01 Social Discussions 6.1.1 - Remote File Inclusion
abtest 2014-08-01 ABtest - Directory Traversal
abtest 2016-03-23 ABtest - File Inclusion
bbpress 2014-08-01 bbPress - Multiple Script Malformed Input Path Disclosure
bbpress 2014-08-01 bbPress - forum.php page Parameter SQL Injection
bbpress 2016-05-03 bbPress <= 2.5.8 - Stored Cross-Site Scripting (XSS)
bbpress 2016-07-14 bbPress <= 2.5.9 - Display Name & Avatar Potential Cross-...
bbpress 2017-11-14 bbPress <= 2.5.12 - Unauthenticated SQL Injection
wordfence 2014-08-01 Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored...
wordfence 2014-08-01 Wordfence 3.8.1 - Password Creation Restriction Bypass
wordfence 2014-08-01 Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stor...
wordfence 2014-08-01 Wordfence 3.3.5 - XSS & IAA
wordfence 2014-09-22 Wordfence 5.2.4 - Unspecified Issue
wordfence 2014-09-22 Wordfence 5.2.4 - IPTraf.php URI Request Stored XSS
wordfence 2014-09-22 Wordfence 5.2.3 - Banned IP Functionality Bypass
wordfence 2014-09-27 Wordfence 5.2.3 - Multiple Vulnerabilities
wordfence 2014-10-07 Wordfence <= 5.2.4 - Multiple Vulnerabilities (XSS & Bypa...
wordfence 2014-12-01 Wordfence 5.2.2 - XSS in Referer Header
wordfence 2014-12-08 Wordfence <= 5.1.4 - Cross-Site Scripting (XSS)
slideshow-jquery-image-gallery 2014-08-01 Slideshow jQuery Image Gallery - Multiple Vulnerabilities
slideshow-jquery-image-gallery 2014-08-01 Slideshow - Multiple Script Insertion Vulnerabilities
slideshow-jquery-image-gallery 2015-05-03 Slideshow 2.2.8-2.2.21 - Option Value Disclosure
wp-levoslideshow 2014-08-01 SWFUpload - Cross-Site Scripting (XSS)
wp-levoslideshow 2014-08-01 SWFUpload - Cross-Site Scripting (XSS)
wp-levoslideshow 2014-08-01 SWFUpload - Cross-Site Scripting (XSS)
cardoza-ajax-search 2014-08-01 Ajax Post Search <= 1.3 - SQL Injection
answer-my-question 2014-08-01 Answer My Question 1.1 - record_question.php Multiple Par...
answer-my-question 2016-11-21 Answer My Question 1.3 - SQL Injection
answer-my-question 2017-05-02 Answer My Question 1.3 - Cross-Site Scripting (XSS)
wp-royal-gallery 2014-08-01 wp-royal-gallery - Arbitrary File Upload
wp-levoslideshow 2014-08-01 SWFUpload - Cross-Site Scripting (XSS)