WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
wassup 2014-08-01 WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit
wassup 2016-11-08 WassUp Real Time Analytics <= 1.9 - Cross Site Scripting
wp-adserve 2014-08-01 Adserve 0.2 - adclick.php SQL Injection Exploit
fgallery 2014-08-01 fGallery 2.4.1 - fimrss.php SQL Injection
wp-photo-album 2014-08-01 Photo album - Remote SQL Injection
sf-forum 2014-08-01 Simple Forum 2.0-2.1 - SQL Injection
sf-forum 2014-08-01 Simple Forum 1.10-1.11 - SQL Injection
st_newsletter 2014-08-01 st_newsletter - Remote SQL Injection
st_newsletter 2014-08-01 st_newsletter - (stnl_iframe.php) SQL Injection
wordspew 2014-08-01 Wordspew - Remote SQL Injection
wpSS 2014-08-01 Spreadsheet <= 0.6 - SQL Injection
wp-download 2014-08-01 Download - (dl_id) SQL Injection
sniplets 2014-08-01 Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities
fmoblog 2014-08-01 fMoblog 2.1 - (id) SQL Injection
page-flip-image-gallery 2014-08-01 Page Flip Image Gallery <= 0.2.2 - Remote FD Vuln
wp-shopping-cart 2014-08-01 e-Commerce <= 3.4 - Arbitrary File Upload Exploit
downloads-manager 2014-08-01 Download Manager 0.2 - Arbitrary File Upload Exploit
my-category-order 2014-08-01 My Category Order <= 2.8 - SQL Injection
my-category-order 2015-11-22 My Category Order <= 4.3 - Authenticated Cross-Site Scrip...
related-sites 2014-08-01 Related Sites 2.1 - Blind SQL Injection
dm-albums 2014-08-01 SWFUpload - Cross-Site Scripting (XSS)
dm-albums 2014-08-01 DM Albums - Multiple Remote File Disclosure
photoracer 2014-08-01 Photoracer 1.0 - (id) SQL Injection
photoracer 2014-08-01 Photoracer <= 1.0 - SQL Injection
photoracer 2014-08-01 Photoracer <= 1.0 - Multiple Vulnerabilities
wp-lytebox 2014-08-01 Lytebox - Local File Inclusion
events-calendar 2014-08-01 Events Calendar - SQL Injection
events-calendar 2014-08-01 Events Calendar - wp-admin/admin.php EC_id Parameter XSS
ImageManager 2014-08-01 Image Manager - Shell Upload
wp-cumulus 2014-08-01 WP-Cumulus <= 1.20 - Vulnerabilities
wp-cumulus 2014-08-01 WP-Cumulus - Cross Site Scripting Vulnerabily
wp-syntax 2014-08-01 WP-Syntax < 0.9.10 - Remote Comm& Execution
cimy-counter 2014-08-01 Cimy Counter - Vulnerabilities
nextgen-gallery 2014-08-01 NextGEN Gallery <= 2.0.63 - Arbitrary File Upload
nextgen-gallery 2014-08-01 NextGEN Gallery 2.0.0 - Directory Traversal
nextgen-gallery 2014-08-01 NextGEN Gallery - swfupload.swf Cross-Site Scripting (XSS)
nextgen-gallery 2014-08-01 NextGEN Gallery 1.9.12 - Arbitrary File Upload
nextgen-gallery 2014-08-01 NextGEN Gallery 1.9.11 - Full Path Disclosure
nextgen-gallery 2014-08-01 NextGEN Gallery 1.9.5 - gallerypath Parameter Stored XSS
nextgen-gallery 2014-08-01 NextGEN Gallery <= 1.9.0 - Multiple Cross-Site Scripting ...
nextgen-gallery 2014-08-01 NextGEN Gallery <= 1.8.3 - XXS & CSRF
nextgen-gallery 2014-08-01 NextGEN Gallery <= 1.7.3 - xml/ajax.php Path Disclosure
nextgen-gallery 2014-08-01 NextGEN Gallery <= 1.5.1 - Cross-Site Scripting (XSS)
nextgen-gallery 2015-03-25 NextGEN Gallery <= 2.0.77 - CSRF & Arbitrary File Upload
nextgen-gallery 2015-08-28 NextGEN Gallery <= 2.1.7 - Authenticated Path Traversal
nextgen-gallery 2016-11-16 NextGEN Gallery <= 2.1.56 - Authenticated Local File Incl...
nextgen-gallery 2017-02-27 NextGEN Gallery <= 2.1.77 - Unauthenticated SQL Injection
nextgen-gallery 2018-03-02 NextGEN Gallery <= 2.2.46 - Galley Paths Not Secured
nextgen-gallery 2018-05-03 NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)
nextgen-gallery 2019-02-05 NextGen Gallery <= 3.1.5 - Authenticated PHP Object Injec...
add-pinterest-conversion-tags 2019-03-01 Freemius Library <= 2.2.3 - Authenticated Option Update
cpl 2014-08-01 Copperleaf Photolog - SQL injection
mylinksdump 2014-08-01 myLDlinker - SQL Injection
firestats 2014-08-01 Firestats - Remote Configuration File Download
simple-press 2014-08-01 Simple Press - SQL Injection
mingle-forum 2014-08-01 Mingle Forum <= 1.0.32.1 - Cross Site Scripting / SQL Inj...
mingle-forum 2014-08-01 Mingle Forum <= 1.0.31 - SQL Injection
mingle-forum 2014-08-01 Mingle Forum <= 1.0.26 - Multiple Vulnerabilities
mingle-forum 2014-08-01 Mingle Forum <= 1.0.33 - Cross Site Scripting
mingle-forum 2014-08-01 Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Paramet...
mingle-forum 2014-08-01 Mingle Forum 1.0.33.3 - wpf.class.php search_words Parame...
mingle-forum 2014-08-01 Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter ...
mingle-forum 2014-08-01 Mingle Forum 1.0.35 - Privilege Escalation CSRF
mingle-forum 2014-09-27 Mingle Forum 1.0.28 - XSS & FPD