This is a list of known WordPress theme, plugin and core vulnerabilities, displayed in a user friendly format. The list is updated daily and it uses WPScan vulnerability entries as well as other sources.
Have you ever wondered why websites get hacked ?
|Plugin / Theme||Published||Vulnerability||Vulnerable||Fixed in||Fixed on||ID|
|Testimonial Rotator||June 17, 2020||Authenticated Stored Cross-Site Scripting (XSS)||< 3.0.3||3.0.3||June 15, 2020||00078|
|Page Builder: KingComposer||June 15, 2020||Multiple Critical Issues||< 2.9.4||2.9.4||June 8, 2020||00077|
|WordPress||June 10, 2020||Authenticated XSS via Media Files||< 5.4.2||5.4.2||June 10, 2020||00076|
|WordPress||June 10, 2020||Authenticated XSS via Theme Upload||< 5.4.2||5.4.2||June 10, 2020||00075|
|WordPress||June 10, 2020||Disclosure of Password-Protected Page/Post Comments||< 5.4.2||5.4.2||June 10, 2020||00074|
|WordPress||June 10, 2020||Misuse of set-screen-option Leading to Privilege Escalation||< 5.4.2||5.4.2||June 10, 2020||00073|
|WordPress||June 10, 2020||Open Redirection||< 5.4.2||5.4.2||June 10, 2020||00072|
|WordPress||June 10, 2020||Authenticated XSS in Block Editor||< 5.4.2||5.4.2||June 10, 2020||00071|
|Brizy - Page Builder||June 10, 2020||Improper Access Controls on AJAX Calls||< 1.0.126||1.0.126||June 3, 2020||00070|
|SportsPress||June 7, 2020||Authenticated Stored Cross-Site Scripting (XSS)||< 2.7.2||2.7.2||June 6, 2020||00069|
|Elementor Page Builder||June 5, 2020||Authenticated Stored Cross-Site Scripting (XSS)||< 2.9.10||2.9.10||June 1, 2020||00068|
|JobSearch||June 3, 2020||Unauthenticated Reflected Cross-Site Scripting (XSS)||< 1.5.1||1.5.1||June 3, 2020||00067|
|Careerfy||June 3, 2020||Unauthenticated Reflected Cross-Site Scripting (XSS)||< 3.9.0||3.9.0||June 3, 2020||00066|
|Newspaper||June 3, 2020||Authenticated Reflected Cross-Site Scripting (XSS)||< 10.3.4||10.3.4||May 20, 2020||00065|
|AdRotate||June 3, 2020||Authenticated SQL Injection||< 5.8.4||5.8.4||June 2, 2020||00064|
|Multi Scheduler||May 29, 2020||Arbitrary Record Deletion via CSRF||1.0.0||no fix / plugin closed||no fix / plugin closed||00063|
|bbPress||May 28, 2020||Authenticated Stored Cross-Site Scripting (XSS) via the forums list table||< 2.6.5||2.6.5||May 28, 2020||00062|
|bbPress||May 28, 2020||Authenticated Privilege Escalation via the Super Moderator feature||< 2.6.5||2.6.5||May 28, 2020||00061|
|bbPress||May 28, 2020||Unauthenticated Privilege Escalation when New User Registration is enabled||< 2.6.5||2.6.5||May 28, 2020||00060|
|Image Photo Gallery Final Tiles Grid||May 28, 2020||Authenticated Stored Cross-Site Scripting (XSS)||< 3.4.19||3.4.19||May 27, 2020||00059|
The easiest way to describe WordPress care services is to say that they bring peace of mind to WordPress site owners and save their time. But not only that, proper WordPress maintenance and monitoring can prevent a lot of potential problems on your website and make it perform faster and better, helping you attract and convert new clients.
What started in 2010 as a one-man web development operation is now a small and devoted team of web developers and server administrators.
Our focus is on WordPress hosting and WordPress care services such as speed optimizations, bug fixing and security hardening.
We are located in Croatia (Europe).
Our mission is to provide fast, stable and secure hosting environment for your WordPress websites, as well as professional WordPress care services and ongoing user support.
We believe that everybody deserves safe, stable and affordable hosting services. That is why our dedication, commitment and constant learning are reflecting that philosophy.