WordPress Vulnerabilities


This is a list of known WordPress theme, plugin and core vulnerabilities, displayed in a user-friendly format. The list is updated daily and uses WPScan vulnerability entries as well as other sources.

Have you ever wondered why websites get hacked?

| Plugin / Theme | Published | Vulnerability | Vulnerable | Fixed in | Fixed on | ID |
|---|---|---|---|---|---|---|
| Testimonial Rotator | June 17, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 3.0.3 | 3.0.3 | June 15, 2020 | 00078 |
| Page Builder: KingComposer | June 15, 2020 | Multiple Critical Issues | < 2.9.4 | 2.9.4 | June 8, 2020 | 00077 |
| WordPress | June 10, 2020 | Authenticated XSS via Media Files | < 5.4.2 | 5.4.2 | June 10, 2020 | 00076 |
| WordPress | June 10, 2020 | Authenticated XSS via Theme Upload | < 5.4.2 | 5.4.2 | June 10, 2020 | 00075 |
| WordPress | June 10, 2020 | Disclosure of Password-Protected Page/Post Comments | < 5.4.2 | 5.4.2 | June 10, 2020 | 00074 |
| WordPress | June 10, 2020 | Misuse of set-screen-option Leading to Privilege Escalation | < 5.4.2 | 5.4.2 | June 10, 2020 | 00073 |
| WordPress | June 10, 2020 | Open Redirection | < 5.4.2 | 5.4.2 | June 10, 2020 | 00072 |
| WordPress | June 10, 2020 | Authenticated XSS in Block Editor | < 5.4.2 | 5.4.2 | June 10, 2020 | 00071 |
| Brizy - Page Builder | June 10, 2020 | Improper Access Controls on AJAX Calls | < 1.0.126 | 1.0.126 | June 3, 2020 | 00070 |
| SportsPress | June 7, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 2.7.2 | 2.7.2 | June 6, 2020 | 00069 |
| Elementor Page Builder | June 5, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 2.9.10 | 2.9.10 | June 1, 2020 | 00068 |
| JobSearch | June 3, 2020 | Unauthenticated Reflected Cross-Site Scripting (XSS) | < 1.5.1 | 1.5.1 | June 3, 2020 | 00067 |
| Careerfy | June 3, 2020 | Unauthenticated Reflected Cross-Site Scripting (XSS) | < 3.9.0 | 3.9.0 | June 3, 2020 | 00066 |
| Newspaper | June 3, 2020 | Authenticated Reflected Cross-Site Scripting (XSS) | < 10.3.4 | 10.3.4 | May 20, 2020 | 00065 |
| AdRotate | June 3, 2020 | Authenticated SQL Injection | < 5.8.4 | 5.8.4 | June 2, 2020 | 00064 |
| Multi Scheduler | May 29, 2020 | Arbitrary Record Deletion via CSRF | 1.0.0 | no fix / plugin closed | no fix / plugin closed | 00063 |
| bbPress | May 28, 2020 | Authenticated Stored Cross-Site Scripting (XSS) via the forums list table | < 2.6.5 | 2.6.5 | May 28, 2020 | 00062 |
| bbPress | May 28, 2020 | Authenticated Privilege Escalation via the Super Moderator feature | < 2.6.5 | 2.6.5 | May 28, 2020 | 00061 |
| bbPress | May 28, 2020 | Unauthenticated Privilege Escalation when New User Registration is enabled | < 2.6.5 | 2.6.5 | May 28, 2020 | 00060 |
| Image Photo Gallery Final Tiles Grid | May 28, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 3.4.19 | 3.4.19 | May 27, 2020 | 00059 |

Need someone to take care of your WordPress website?

The easiest way to describe WordPress care services is to say that they bring peace of mind to WordPress site owners and save their time. But not only that, proper WordPress maintenance and monitoring can prevent a lot of potential problems on your website and make it perform faster and better, helping you attract and convert new clients.

  • Speed
  • Security
  • WP updates
  • Daily backups
  • Hosting
  • Uptime monitoring
  • Spam protection
  • SSL certificates
  • Malware removal
  • Form testing
  • SEO blacklist checkup
  • Database optimization
  • Activity monitoring
  • Technical support
  • Free migrations

Soulstudio


Who we are

What started in 2010 as a one-man web development operation is now a small and devoted team of web developers and server administrators.

Our focus is on WordPress hosting and WordPress care services such as speed optimizations, bug fixing and security hardening.

We are located in Croatia (Europe).

Our mission

Our mission is to provide a fast, stable and secure hosting environment for your WordPress websites, as well as professional WordPress care services and ongoing user support.

We believe that everybody deserves safe, stable and affordable hosting services. That is why our dedication, commitment and constant learning reflect that philosophy.