ID Added Title
9112 2018-08-17 Chained Quiz <= 1.0.8 - Unauthenticated SQL Injection
9106 2018-07-30 Multi Step Form <= 1.2.5 - Multiple Unauthenticated Reflected XSS
9100 2018-06-27 WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
9099 2018-06-25 iThemes Security <= 7.0.2 - Authenticated SQL Injection
9098 2018-06-21 Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4 - Authen...
9097 2018-06-21 WordPress Comments Import & Export <= 2.0.4 - CSV Injection
9090 2018-06-01 wpForo Forum <= 1.4.11 - Unauthenticated Reflected Cross-Site Scripting ...
9088 2018-05-22 Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting (XSS)
9061 2018-04-09 WordPress File Upload <= 4.3.3 - Cross-Site Scripting (XSS)
9055 2018-04-04 WordPress 3.7-4.9.4 - Escape Version in Generator Tag
9054 2018-04-04 WordPress 3.7-4.9.4 - Use Safe Redirect for Login
9053 2018-04-04 WordPress 3.7-4.9.4 - Remove localhost Default
9051 2018-04-03 WordPress File Upload <= 4.3.2 - Security Issue in Shortcodes
9046 2018-03-19 WP Site Protect 1.0 - Cross-Site Scripting (XSS)
9045 2018-03-19 Dave's WordPress Live Search <= 4.5 - Reflected Cross-Site Scripting (XSS)
9039 2018-03-12 Import any XML or CSV File to WordPress <= 3.4.6 - Cross-Site Scripting ...
9038 2018-03-12 Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting ...
9037 2018-03-05 iThemes Security <= 6.9.0 - Cross-Site Scripting (XSS)
9028 2018-02-23 WooCommerce <= 3.2.3 - Authenticated PHP Object Injection
9026 2018-02-22 MailChimp for WordPress <= 4.1.6 - Authenticated Cross-Site Scripting (XSS)
9025 2018-02-13 Bookly #1 WordPress Booking Plugin (Lite) <= 13.2 – Unauthenticated Blin...
9021 2018-02-05 WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
9006 2018-01-17 WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
9002 2018-01-11 Testimonial Slider <= 1.2.4 - Authenticated SQL Injection
9001 2018-01-11 Smooth Slider <= 2.8.6 - Authenticated SQL Injection
9000 2018-01-11 Dbox 3D Slider Lite <= 1.2.2 - Multiple Authenticated SQL injection
8999 2018-01-10 WordPress Download Manager <= 2.9.60 - Cross-Site Request Forgery (CSRF)
8986 2017-12-28 WP No External Links 4.2.1-4.2.2 - Backdoored
8981 2017-12-20 WordPress Concours <= 1.1 - Authenticated Cross-Site Scripting (XSS)
8978 2017-12-19 Multiple Mediaburst/Clockwork Plugins - Cross-Site Scripting (XSS)