WordPress Vulnerabilities


This is a list of known WordPress theme, plugin and core vulnerabilities, displayed in a user-friendly format. The list is updated daily and uses WPScan vulnerability entries as well as other sources.

Have you ever wondered why websites get hacked?

| Plugin / Theme | Published | Vulnerability | Vulnerable | Fixed in | Fixed on | ID |
|---|---|---|---|---|---|---|
| Ultimate Addons for Elementor | May 7, 2020 | Registration Bypass | < 1.24.2 | 1.24.2 | May 4, 2020 | 00035 |
| Elementor | May 6, 2020 | SVG Sanitizer Bypass leading to Authenticated Stored XSS | < 2.9.8 | 2.9.8 | April 21, 2020 | 00034 |
| Advanced Order Export For WooCommerce | May 4, 2020 | Authenticated Cross-Site Scripting (XSS) | < 3.1.4 | 3.1.4 | April 15, 2020 | 00033 |
| WTI Like Post | May 2, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | <= 1.4.5 | no fix / plugin closed | no fix / plugin closed | 00032 |
| Avada | May 1, 2020 | Missing Permission Checks leading to Arbitrary Post Creation / Edition / Deletion and Stored XSS | < 6.2.3 | 6.2.3 | April 24, 2020 | 00031 |
| LearnPress | April 29, 2020 | Authenticated Time Based Blind SQL Injection | < 3.2.6.8 | 3.2.6.8 | April 22, 2020 | 00030 |
| WordPress | April 29, 2020 | Authenticated Cross-Site Scripting (XSS) in Customizer | < 5.4.1 | 5.4.1 | April 29, 2020 | 00029 |
| WordPress | April 29, 2020 | Authenticated Cross-Site Scripting (XSS) in File Uploads | < 5.4.1 | 5.4.1 | April 29, 2020 | 00028 |
| WordPress | April 29, 2020 | Authenticated Cross-Site Scripting (XSS) in Search Block | < 5.4.1 | 5.4.1 | April 29, 2020 | 00027 |
| WordPress | April 29, 2020 | Cross-Site Scripting (XSS) in wp-object-cache | < 5.4.1 | 5.4.1 | April 29, 2020 | 00026 |
| WordPress | April 29, 2020 | Password Reset Tokens Failed to Be Properly Invalidated | < 5.4.1 | 5.4.1 | April 29, 2020 | 00025 |
| WordPress | April 29, 2020 | Stored Cross-Site Scripting (XSS) in Customizer | < 5.4.1 | 5.4.1 | April 29, 2020 | 00024 |
| WordPress | April 29, 2020 | Unauthenticated Users View Private Posts | < 5.4.1 | 5.4.1 | April 29, 2020 | 00023 |
| Ninja Forms | April 29, 2020 | Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) | < 3.4.24.2 | 3.4.24.2 | April 28, 2020 | 00022 |
| Gmedia Photo Gallery | April 28, 2020 | Multiple Cross-Site Scripting (XSS) | < 1.18.5 | 1.18.5 | April 27, 2020 | 00021 |
| LearnPress | April 28, 2020 | Authenticated Page Creation and Status Modification | < 3.2.6.9 | 3.2.6.9 | April 22, 2020 | 00020 |
| LearnPress | April 28, 2020 | Privilege Escalation to "LP Instructor" | < 3.2.6.9 | 3.2.6.9 | April 22, 2020 | 00019 |
| Quick Page/Post Redirect | April 28, 2020 | Authenticated Settings Update | <= 5.1.9 | no fix / plugin closed | no fix / plugin closed | 00018 |
| WP-Advanced-Search | April 28, 2020 | Authenticated SQL Injection | < 3.3.7 | 3.3.7 | April 23, 2020 | 00017 |
| Real-Time Find and Replace | April 27, 2020 | Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) | < 4.0.2 | 4.0.2 | April 22, 2020 | 00016 |

Soulstudio


Who we are

What started in 2010 as a one-man web development operation is now a small and devoted team of web developers and server administrators.

Our focus is on WordPress hosting and WordPress care services such as speed optimizations, bug fixing and security hardening.

We are located in Croatia (Europe).

Our mission

Our mission is to provide a fast, stable, secure and easy-to-manage hosting environment for your WordPress websites, as well as additional WordPress care services.

We believe that everybody deserves safe, stable and affordable hosting services. Our dedication, commitment and constant learning reflect that philosophy.