WordPress Plugin Vulnerabilities

0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
Name Added Title
imdb-widget 2016-03-30 IMDb Profile Widget <= 1.0.8 - Local File Inclusion (LFI)
event-calendar-wd 2017-07-16 Event Calendar WD <= 1.0.93 - Authenticated Cross-Site Sc...
easy-appointments 2017-10-26 Easy Appointments <= 1.11.7 - Cross-Site Scripting (XSS)
defa-online-image-protector 2016-04-15 defa-online-image-protector <= 3.3 - Unauthenticated Refl...
dzs-zoomsounds 2015-06-01 ZoomSounds <= 2.0 - Remote File Upload
wp-image-zoooom 2018-04-12 WP Image Zoom <= 1.23 - Cross-Site Request Forgery (CSRF)
woocommerce-catalog-enquiry 2017-07-19 WooCommerce Catalog Enquiry - Arbitrary File Upload
wf-cookie-consent 2018-05-03 WF Cookie Consent <= 1.1.3 - Authenticated Persistent Cro...
securemoz-security-audit 2015-09-09 SecureMoz Security Audit <= 1.0.5 - MitM PHP Object Injec...
bws-latest-posts 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
wp-backup-plus 2015-05-22 WP Backup Plus - Backup Disclosure
wp-membership 2015-05-21 WP Membership <= 1.2.3 - Multiple Vulnerabilities
bws-latest-posts 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
wps-hide-login 2015-05-27 WPS Hide Login 1.0 - CSRF
wp-rollback 2015-06-28 WP Rollback <= 1.2.2 - Cross-Site Scripting (XSS) & CSRF
wp-like-post 2017-09-20 WP Like Post <= 1.5.2 - Authenticated SQL Injection
woocommerce-product-addon 2016-09-27 WooCommerce Product Addons <= 1.1 - Arbitrary File Upload
whizz 2016-04-19 WHIZZ <= 1.0.7 - Unauthenticated Reflected Cross-Site Scr...
whizz 2017-04-10 WHIZZ <= 1.1 - Cross-Site Request Forgery (CSRF)
unite-gallery-lite 2015-07-25 Unite Gallery Lite <= 1.4.6 - CSRF & Authenticated SQL In...
tracking-code-manager 2017-05-12 Tracking Code Manager <= 1.11.1 - Authenticated XSS, CSRF...
sourceafrica 2015-09-02 sourceAFRICA <= 0.1.3 - Unauthenticated Cross-Site Script...
bws-latest-posts 2017-04-13 Multiple BestWebSoft Plugins - Authenticated Reflected GE...
multisite-post-duplicator 2016-12-11 Multisite Post Duplicator <= 0.9.5.1 - Cross-Site Request...
echosign 2016-04-22 Echosign <= 1.1 - Reflected Cross-Site Scripting (XSS)
stats-counter 2017-03-03 Analytics Stats Counter Statistics - Unauthenticated PHP ...
optinmonster 2016-03-22 OptinMonster <= 1.1.4.5 - Execution of Arbitrary Shortcodes
showbizpro 2015-05-03 WordPress Showbiz Pro Shell Upload
wwc-amz-aff 2015-04-26 WooCommerce Amazon Affiliates - Arbitrary File Upload
premium-seo-pack 2015-04-24 Premium SEO Pack 1.8.0 - Unauthenicated Arbitrary File Up...
wordpress-seo-premium 2015-04-20 WordPress SEO by Yoast <= 2.0.1 - Cross-Site Scripting (XSS)