This is a list of known WordPress theme, plugin and core vulnerabilities, displayed in a user-friendly format. The list is updated daily and uses WPScan vulnerability entries as well as other sources.
Have you ever wondered why websites get hacked?
| Plugin / Theme | Published | Vulnerability | Vulnerable | Fixed in | Fixed on | ID |
|---|---|---|---|---|---|---|
| Simple File List | April 27, 2020 | Unauthenticated Arbitrary File Upload (RCE) | < 4.2.3 | 4.2.3 | April 19, 2020 | 00015 |
| WP Post Page Clone | April 25, 2020 | SQL Injection due to Duplicated Snippets | 1.0 | 1.1 | May 10, 2020 | 00014 |
| Duplicate Page and Post | April 25, 2020 | SQL Injection due to Duplicated Snippets | < 2.5.7 | 2.5.7 | Feb 22, 2020 | 00013 |
| YOP Poll | April 24, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 6.1.5 | 6.1.5 | April 22, 2020 | 00012 |
| MapPress Maps | April 23, 2020 | Authenticated Map Creation/Deletion Leading to Stored Cross-Site Scripting (XSS) | < 2.53.9 | 2.53.9 | April 2, 2020 | 00011 |
| MapPress Maps | April 23, 2020 | Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions | < 2.53.9 | 2.53.9 | April 2, 2020 | 00010 |
| WP GDPR | April 23, 2020 | Multiple Unauthenticated Issues | <= 2.1.1 | no fix / plugin closed | no fix / plugin closed | 00009 |
| Catch Breadcrumb | April 22, 2020 | Unauthenticated Reflected Cross-Site Scripting (XSS) | <= 1.5.4 | 1.5.5 | April 23, 2020 | 00008 |
| GTranslate | April 20, 2020 | Reflected Cross-Site Scripting (XSS) | < 2.8.52 | 2.8.52 | Feb 17, 2020 | 00007 |
| Media Library Assistant | April 19, 2020 | Authenticated RCE | < 2.82 | 2.82 | April 2, 2020 | 00006 |
| Widget Settings Importer/Exporter | April 15, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | <= 1.5.3 | no fix / plugin closed | no fix / plugin closed | 00005 |
| Accordion | April 14, 2020 | Unprotected AJAX Action to Stored/Reflected XSS | < 2.2.9 | 2.2.9 | March 18, 2020 | 00004 |
| Media Library Assistant | April 13, 2020 | Authenticated Stored Cross-Site Scripting (XSS) | < 2.82 | 2.82 | April 2, 2020 | 00003 |
| Media Library Assistant | April 13, 2020 | Unauthenticated Limited Local File Inclusion | < 2.82 | 2.82 | April 2, 2020 | 00002 |
| Responsive Poll | April 13, 2020 | Broken Authentication and Missing Capability Checks on AJAX calls | < 1.3.4 | 1.3.4 | April 2, 2020 | 00001 |
What started in 2010 as a one-man web development operation is now a small and devoted team of web developers and server administrators.
Our focus is on WordPress hosting and WordPress care services such as speed optimizations, bug fixing and security hardening.
We are located in Croatia (Europe).
Our mission is to provide a fast, stable, secure and easy-to-manage hosting environment for your WordPress websites, as well as additional WordPress care services.
We believe that everybody deserves safe, stable and affordable hosting services. That is why our dedication, commitment and constant learning reflect that philosophy.