This is a list of known WordPress theme, plugin and core vulnerabilities, displayed in a user-friendly format. The list is updated daily and draws on WPScan vulnerability entries as well as other sources.
Have you ever wondered why websites get hacked?
| Plugin / Theme | Published | Vulnerability | Vulnerable | Fixed in | Fixed on | ID |
|---|---|---|---|---|---|---|
| Ultimate Addons for Elementor | May 7, 2020 | Registration Bypass | < 1.24.2 | 1.24.2 | May 4, 2020 | 00035 |
| Elementor | May 6, 2020 | SVG Sanitizer Bypass leading to Authenticated Stored XSS | < 2.9.8 | 2.9.8 | April 21, 2020 | 00034 |
| Advanced Order Export For WooCommerce | May 4, 2020 | Authenticated Cross-Site Scripting (XSS) | < 3.1.4 | 3.1.4 | April 15, 2020 | 00033 |
| WTI Like Post | May 2, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | <= 1.4.5 | no fix / plugin closed | no fix / plugin closed | 00032 |
| Avada | May 1, 2020 | Missing Permission Checks leading to Arbitrary Post Creation / Edition / Deletion and Stored XSS | < 6.2.3 | 6.2.3 | April 24, 2020 | 00031 |
| LearnPress | April 29, 2020 | Authenticated Time Based Blind SQL Injection | < 18.104.22.168 | 22.214.171.124 | April 22, 2020 | 00030 |
| WordPress | April 29, 2020 | Authenticated Cross-Site Scripting (XSS) in Customizer | < 5.4.1 | 5.4.1 | April 29, 2020 | 00029 |
| WordPress | April 29, 2020 | Authenticated Cross-Site Scripting (XSS) in File Uploads | < 5.4.1 | 5.4.1 | April 29, 2020 | 00028 |
| WordPress | April 29, 2020 | Authenticated Cross-Site Scripting (XSS) in Search Block | < 5.4.1 | 5.4.1 | April 29, 2020 | 00027 |
| WordPress | April 29, 2020 | Cross-Site Scripting (XSS) in wp-object-cache | < 5.4.1 | 5.4.1 | April 29, 2020 | 00026 |
| WordPress | April 29, 2020 | Password Reset Tokens Failed to Be Properly Invalidated | < 5.4.1 | 5.4.1 | April 29, 2020 | 00025 |
| WordPress | April 29, 2020 | Stored Cross-Site Scripting (XSS) in Customizer | < 5.4.1 | 5.4.1 | April 29, 2020 | 00024 |
| WordPress | April 29, 2020 | Unauthenticated Users View Private Posts | < 5.4.1 | 5.4.1 | April 29, 2020 | 00023 |
| Ninja Forms | April 29, 2020 | Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) | < 126.96.36.199 | 188.8.131.52 | April 28, 2020 | 00022 |
| Gmedia Photo Gallery | April 28, 2020 | Multiple Cross-Site Scripting (XSS) | < 1.18.5 | 1.18.5 | April 27, 2020 | 00021 |
| LearnPress | April 28, 2020 | Authenticated Page Creation and Status Modification | < 184.108.40.206 | 220.127.116.11 | April 22, 2020 | 00020 |
| LearnPress | April 28, 2020 | Privilege Escalation to "LP Instructor" | < 18.104.22.168 | 22.214.171.124 | April 22, 2020 | 00019 |
| Quick Page/Post Redirect | April 28, 2020 | Authenticated Settings Update | <= 5.1.9 | no fix / plugin closed | no fix / plugin closed | 00018 |
| WP-Advanced-Search | April 28, 2020 | Authenticated SQL Injection | < 3.3.7 | 3.3.7 | April 23, 2020 | 00017 |
| Real-Time Find and Replace | April 27, 2020 | Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) | < 4.0.2 | 4.0.2 | April 22, 2020 | 00016 |