WPScan Vulnerability Database
Cataloging 4601 WordPress Core, Plugin and Theme vulnerabilities
Latest WordPress Vulnerabilities
2016-05-06
WordPress 4.2-4.5.1 - Plupload Same Origin Method Execution (SOME)
2016-05-06
WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)
2016-04-28
WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexadecimal IP addresses
2016-04-28
WordPress <= 4.4.2 - Reflected XSS in Network Settings
2016-04-28
WordPress <= 4.4.2 - Script Compression Option CSRF
2016-02-02
WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
2016-02-02
WordPress 3.7-4.4.1 - Open Redirect
Latest Plugin Vulnerabilities
2016-05-06
Yoast SEO <= 3.2.4 - Subscriber Settings Sensitive Data Exposure
2016-05-04
Ninja Forms 2.9.36 to 2.9.42 - Multiple Vulnerabilities
2016-05-02
Ghost Plugin <= 0.5.5 - Unrestricted Export Download
2016-05-03
bbPress <= 2.5.8 - Stored Cross-Site Scripting (XSS)
2016-05-03
Advanced Custom Fields <= 4.4.7 - Authenticated Cross-Site Scripting (XSS)
2016-05-03
MainWP <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
2016-04-29
Simple Photo Gallery <= 1.8.0 - Stored Cross-Site Scripting (XSS)
Latest Theme Vulnerabilities
2016-04-30
Truemag Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
2016-04-05
ScoreMe Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
2016-03-11
Beauty Theme 1.0.8 - Arbitrary File Upload
2016-03-03
Antioch Theme - Arbitrary File Download
2016-03-03
epic Theme - Arbitrary File Download
2016-02-29
Good News Themes - Reflected Cross-Site Scripting (XSS)
2016-02-18
ElegantThemes - Privilege Escalation
Most Viewed Vulnerabilities
2014-11-25
WordPress <= 4.0 - CSRF in wp-login.php Password Reset
2015-09-15
WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
2015-06-11
WordPress 4.1 - 4.1.1 - Arbitrary File Upload
2015-03-11
WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection
2015-08-04
WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
2016-01-06
WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
2014-11-20
WordPress <= 4.0 - Long Password Denial of Service (DoS)