ID Added Title
9054 2018-04-04 WordPress 3.7-4.9.4 - Use Safe Redirect for Login
9053 2018-04-04 WordPress 3.7-4.9.4 - Remove localhost Default
9051 2018-04-03 WordPress File Upload <= 4.3.2 - Security Issue in Shortcodes
9046 2018-03-19 WP Site Protect 1.0 - Cross-Site Scripting (XSS)
9045 2018-03-19 Dave's WordPress Live Search <= 4.5 - Reflected Cross-Site Scripting (XSS)
9039 2018-03-12 Import any XML or CSV File to WordPress <= 3.4.6 - Cross-Site Scripting ...
9038 2018-03-12 Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting ...
9037 2018-03-05 iThemes Security <= 6.9.0 - Cross-Site Scripting (XSS)
9028 2018-02-23 WooCommerce <= 3.2.3 - Authenticated PHP Object Injection
9026 2018-02-22 MailChimp for WordPress <= 4.1.6 - Authenticated Cross-Site Scripting (XSS)
9025 2018-02-13 Bookly #1 WordPress Booking Plugin (Lite) <= 13.2 – Unauthenticated Blin...
9021 2018-02-05 WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
9006 2018-01-17 WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
9002 2018-01-11 Testimonial Slider <= 1.2.4 - Authenticated SQL Injection
9001 2018-01-11 Smooth Slider <= 2.8.6 - Authenticated SQL Injection
9000 2018-01-11 Dbox 3D Slider Lite <= 1.2.2 - Multiple Authenticated SQL injection
8999 2018-01-10 WordPress Download Manager <= 2.9.60 - Cross-Site Request Forgery (CSRF)
8986 2017-12-28 WP No External Links 4.2.1-4.2.2 - Backdoored
8981 2017-12-20 WordPress Concours <= 1.1 - Authenticated Cross-Site Scripting (XSS)
8978 2017-12-19 Multiple Mediaburst/Clockwork Plugins - Cross-Site Scripting (XSS)
8969 2017-11-30 WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
8968 2017-11-30 WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
8967 2017-11-30 WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
8966 2017-11-30 WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
8960 2017-11-16 Yoast SEO <= 5.7.1 - Authenticated Cross-Site Scripting (XSS)
8958 2017-11-14 bbPress <= 2.5.12 - Unauthenticated SQL Injection
8951 2017-11-12 Ultimate Instagram Feed <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)
8947 2017-11-09 Ultimate Instagram Feed <= 1.3 - Authenticated Cross-Site Scripting (XSS)
8941 2017-10-31 WordPress <= 4.8.2 - $wpdb->prepare() Weakness
8940 2017-10-30 Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripting (XSS)