WPScan Vulnerability Database

Cataloging 16870 WordPress Core, Plugin and Theme vulnerabilities

Latest WordPress Vulnerabilities


2019-10-14 WordPress <= 5.2.3 - Admin Referrer Validation
2019-10-14 WordPress <= 5.2.3 - JSON Request Cache Poisoning
2019-10-14 WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
2019-10-14 WordPress <= 5.2.3 - Stored XSS in Customizer
2019-10-14 WordPress <= 5.2.3 - Stored XSS in Style Tags
2019-10-14 WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
2019-09-05 WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation

Latest Plugin Vulnerabilities


2019-12-02 CSS Hero <= 4.03 - Authenticated Reflected XSS
2019-11-26 WP Spell Check <= 7.1.9 - Cross-Site Request Forgery (CSRF)
2019-11-19 Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code
2019-11-19 WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scr...
2019-11-17 Sassy Social Share <= 3.3.3 - Cross-Site Scripting (XSS)
2019-11-14 Blog2Social < 5.9.0 - Cross-Site Scripting Issue
2019-11-13 Email Subscribers & Newsletters < 4.2.3 - Multiple Issues

Latest Theme Vulnerabilities


2019-12-02 Mesmerize & Materialis Themes - Authenticated Options Update
2019-10-21 Bridge Theme <= 18.2 - Open Redirect
2019-10-09 SoundPress <= 2.2.6 - Cross-Site Scripting (XSS)
2019-09-27 Zoner <= 4.1.1 - Persistent XSS & IDOR
2019-09-16 InJob <= 3.3.7 - Reflected & Persistent XSS
2019-09-08 Nexos - Real Estate <= 1.6 - SQL Injection & Persistent XSS
2019-09-08 Reality | Estate Multipurpose <= 2.3.0 - Multiple Persistent XSS

Most Viewed Vulnerabilities


2018-09-04 Contact Form 7 <= 5.0.3 - register_post_type() Privilege Escalation
2019-09-05 WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
2014-08-01 Contact Form 7 <= 3.7.1 - CAPTCHA Bypass
2019-11-26 WP Spell Check <= 7.1.9 - Cross-Site Request Forgery (CSRF)
2019-03-13 WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
2014-11-25 WordPress <= 4.0 - CSRF in wp-login.php Password Reset
2019-09-05 WordPress 5.2.2 - Cross-Site Scripting (XSS) in Dashboard