WordPress Vulnerabilities

This is a list of known WordPress theme, plugin and core vulnerabilities, displayed in a user-friendly format. The list is updated daily and uses WPScan vulnerability entries as well as other sources.

Have you ever wondered why websites get hacked?

| Plugin / Theme | Published | Vulnerability | Vulnerable | Fixed in | Fixed on | ID |
|---|---|---|---|---|---|---|
| Drag and Drop Multiple File Upload - Contact Form 7 | May 26, 2020 | Unauthenticated File Upload Bypass | < | | 12, 2020 | 00055 |
| Form Maker by 10Web | May 26, 2020 | Authenticated SQL Injection | <= 1.13.35 | no fix | no fix | 00054 |
| Official MailerLite Sign Up Forms | May 25, 2020 | Unauthenticated SQL Injection | < | | 12, 2020 | 00053 |
| Official MailerLite Sign Up Forms | May 25, 2020 | Multiple CSRF Issues | <= | | 26, 2020 | 00052 |
| ThirstyAffiliates Affiliate Link Manager | May 25, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < | | 22, 2020 | 00051 |
| Add-on SweetAlert Contact Form 7 | May 25, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < | | 21, 2020 | 00050 |
| WP Frontend Profile | May 19, 2020 | CSRF Check Incorrectly Implemented | < | | 19, 2020 | 00049 |
| Paid Memberships Pro | May 19, 2020 | Authenticated SQL Injection | < | | 13, 2020 | 00048 |
| Ajax Load More | May 18, 2020 | Authenticated SQL Injection | <= | | 19, 2020 | 00047 |
| Visual Composer | May 18, 2020 | Multiple Authenticated Cross-Site Scripting Issues (XSS) | < 27.0 | 27.0 | May 12, 2020 | 00046 |
| Team Members | May 16, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < | | 16, 2020 | 00045 |
| Photo Gallery by 10Web | May 15, 2020 | Unauthenticated SQL Injection | < 1.5.55 | 1.5.55 | May 13, 2020 | 00044 |
| Login/Signup Popup | May 14, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 1.5 | 1.5 | May 14, 2020 | 00043 |
| WP Product Review Lite | May 14, 2020 | Unauthenticated Stored Cross-Site Scripting (XSS) | < | | 14, 2020 | 00042 |
| Site Kit by Google | May 13, 2020 | Privilege Escalation to gain Search Console Access | < | | 7, 2020 | 00041 |
| Easy Testimonials | May 13, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 3.6 | 3.6 | May 12, 2020 | 00040 |
| WooCommerce | May 12, 2020 | Unescaped Metadata when Duplicating Products (XSS) | < | | 5, 2020 | 00039 |
| Page Builder by SiteOrigin | May 11, 2020 | CSRF to Reflected Cross-Site Scripting (XSS) | < | | 5, 2020 | 00038 |
| Chopslider | May 9, 2020 | Unauthenticated Blind SQL Injection | <= 3.4 | no fix | no fix | 00037 |
| Elementor Pro | May 7, 2020 | Authenticated Arbitrary File Upload | < | | 7, 2020 | 00036 |


Who we are

What started in 2010 as a one-man web development operation is now a small and devoted team of web developers and server administrators.

Our focus is on WordPress hosting and WordPress care services such as speed optimizations, bug fixing and security hardening.

We are located in Croatia (Europe).

Our mission

Our mission is to provide a fast, stable, secure and easy-to-manage hosting environment for your WordPress websites, as well as additional WordPress care services.

We believe that everybody deserves safe, stable and affordable hosting services. Our dedication, commitment and constant learning reflect that philosophy.