This is a list of known WordPress theme, plugin and core vulnerabilities, displayed in a user-friendly format. The list is updated daily and draws on WPScan vulnerability entries as well as other sources.
Have you ever wondered why websites get hacked?
| Plugin / Theme | Published | Vulnerability | Vulnerable | Fixed in | Fixed on | ID |
|---|---|---|---|---|---|---|
| Drag and Drop Multiple File Upload - Contact Form 7 | May 26, 2020 | Unauthenticated File Upload Bypass | < 184.108.40.206 | 220.127.116.11 | May 12, 2020 | 00055 |
| Form Maker by 10Web | May 26, 2020 | Authenticated SQL Injection | <= 1.13.35 | no fix | no fix | 00054 |
| Official MailerLite Sign Up Forms | May 25, 2020 | Unauthenticated SQL Injection | < 1.4.4 | 1.4.4 | May 12, 2020 | 00053 |
| Official MailerLite Sign Up Forms | May 25, 2020 | Multiple CSRF Issues | <= 1.4.4 | 1.4.5 | May 26, 2020 | 00052 |
| ThirstyAffiliates Affiliate Link Manager | May 25, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 3.9.3 | 3.9.3 | May 22, 2020 | 00051 |
| Add-on SweetAlert Contact Form 7 | May 25, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 1.0.8 | 1.0.8 | May 21, 2020 | 00050 |
| WP Frontend Profile | May 19, 2020 | CSRF Check Incorrectly Implemented | < 1.2.2 | 1.2.2 | May 19, 2020 | 00049 |
| Paid Memberships Pro | May 19, 2020 | Authenticated SQL Injection | < 2.3.3 | 2.3.3 | May 13, 2020 | 00048 |
| Ajax Load More | May 18, 2020 | Authenticated SQL Injection | <= 5.3.1 | 5.3.2 | May 19, 2020 | 00047 |
| Visual Composer | May 18, 2020 | Multiple Authenticated Cross-Site Scripting Issues (XSS) | < 27.0 | 27.0 | May 12, 2020 | 00046 |
| Team Members | May 16, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 5.0.4 | 5.0.4 | May 16, 2020 | 00045 |
| Photo Gallery by 10Web | May 15, 2020 | Unauthenticated SQL Injection | < 1.5.55 | 1.5.55 | May 13, 2020 | 00044 |
| Login/Signup Popup | May 14, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 1.5 | 1.5 | May 14, 2020 | 00043 |
| WP Product Review Lite | May 14, 2020 | Unauthenticated Stored Cross-Site Scripting (XSS) | < 3.7.6 | 3.7.6 | May 14, 2020 | 00042 |
| Site Kit by Google | May 13, 2020 | Privilege Escalation to gain Search Console Access | < 1.8.0 | 1.8.0 | May 7, 2020 | 00041 |
| Easy Testimonials | May 13, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 3.6 | 3.6 | May 12, 2020 | 00040 |
| WooCommerce | May 12, 2020 | Unescaped Metadata when Duplicating Products (XSS) | < 4.1.0 | 4.1.0 | May 5, 2020 | 00039 |
| Page Builder by SiteOrigin | May 11, 2020 | CSRF to Reflected Cross-Site Scripting (XSS) | < 2.10.16 | 2.10.16 | May 5, 2020 | 00038 |
| Chopslider | May 9, 2020 | Unauthenticated Blind SQL Injection | <= 3.4 | no fix | no fix | 00037 |
| Elementor Pro | May 7, 2020 | Authenticated Arbitrary File Upload | < 2.9.4 | 2.9.4 | May 7, 2020 | 00036 |