ID Added Title
8731 2017-01-26 WordPress 4.3.0-4.7.1 - Cross-Site Scripting (XSS) in posts list table
8730 2017-01-26 WordPress 3.5-4.7.1 - WP_Query SQL Injection
8729 2017-01-26 WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users
8721 2017-01-12 WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generato...
8720 2017-01-12 WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
8719 2017-01-12 WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
8718 2017-01-12 WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fal...
8717 2017-01-12 WordPress <= 4.7 - Cross-Site Request Forgery (CSRF) via Flash Upload
8716 2017-01-12 WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-c...
8715 2017-01-12 WordPress 4.7 - User Information Disclosure via REST API
8714 2017-01-12 WordPress 4.3-4.7 - Remote Code Execution (RCE) in PHPMailer
8707 2017-01-03 XCloner - Backup and Restore <= 3.1.4 - Authenticated Path Traversal
8695 2016-12-13 MailChimp for WordPress <= 4.0.10 - Authenticated Cross-Site Scripting (...
8634 2016-10-04 WordPress Appointment Schedule Booking System - Authenticated Stored XSS
8628 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Download
8627 2016-09-26 W3 Total Cache <= 0.9.4.1 – Authenticated Arbitrary File Upload
8622 2016-09-20 Neosense Theme <= 1.7 - Unrestricted File Upload
8616 2016-09-08 WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
8615 2016-09-08 WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image ...
8614 2016-09-07 brafton WordPress Plugin <=3.4.7 - Reflected XSS
8611 2016-08-29 404 to 301 <= 2.3.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
8608 2016-08-24 WordPress Zero Spam <= 2.1.1 - Unauthenticated Blind SQL Injection
8606 2016-08-20 WordPress 4.5.3 - Authenticated Denial of Service (DoS)
8591 2016-08-12 Store Locator Plus for WordPress <= 4.5.10 - Authenticated Cross-Site Sc...
8586 2016-08-04 WordPress Landing Pages <= 2.2.4 - Reflected Cross-Site Scripting (XSS)
8562 2016-07-20 WordPress Video Player <= 1.5.16 - Multiple Authenticated Blind SQL Inje...
8557 2016-07-19 Form Lightbox - Arbitrary Option Update Leading to Admin Account
8527 2016-06-23 WordPress File Upload <= 3.8.5 - Insufficient File Extension Blacklisting
8525 2016-06-23 WordPress File Monitor - Stored Cross-Site Scripting (XSS)
8524 2016-06-22 WordPress 4.5.2 - Password Change via Stolen Cookie