WPScan Vulnerability Database

Cataloging 4624 WordPress Core, Plugin and Theme vulnerabilities

Latest WordPress Vulnerabilities


2016-05-06 WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)
2016-05-06 WordPress <= 4.5.1 - Plupload Same Origin Method Execution (SOME)
2016-04-28 WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexadecimal IP addresses
2016-04-28 WordPress <= 4.4.2 - Reflected XSS in Network Settings
2016-04-28 WordPress <= 4.4.2 - Script Compression Option CSRF
2016-02-02 WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
2016-02-02 WordPress 3.7-4.4.1 - Open Redirect

Latest Plugin Vulnerabilities


2016-06-09 EWWW Image Optimizer <= 2.8.3 - Remote Code Execution
2016-06-07 WordPress Levo-Slideshow 2.3 - Arbitrary File Upload
2016-06-07 WordPress Levo-Slideshow 2.3 - Persistent XSS Vulnerability
2016-06-06 OneLogin SAML SSO <= 2.1.5 - Authentication Bypass
2016-06-06 OneLogin SAML SSO <= 2.1.8 - Provisioned User Hardcoded Password
2016-06-07 Double Opt-In for Download <= 2.0.9 - Authenticated SQL Injection
2016-06-03 WP Mobile Detector <= 3.5 - Arbitrary File Upload

Latest Theme Vulnerabilities


2016-04-30 Truemag Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
2016-04-05 ScoreMe Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
2016-03-11 Beauty Theme 1.0.8 - Arbitrary File Upload
2016-03-03 Antioch Theme - Arbitrary File Download
2016-03-03 epic Theme - Arbitrary File Download
2016-02-29 Good News Themes - Reflected Cross-Site Scripting (XSS)
2016-02-18 ElegantThemes - Privilege Escalation

Most Viewed Vulnerabilities


2014-11-25 WordPress <= 4.0 - CSRF in wp-login.php Password Reset
2015-09-15 WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
2015-06-11 WordPress 4.1 - 4.1.1 - Arbitrary File Upload
2015-08-04 WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
2015-03-11 WordPress SEO by Yoast <= 1.7.3.3 - Blind SQL Injection
2016-01-06 WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
2014-11-20 WordPress <= 4.0 - Long Password Denial of Service (DoS)