WordPress Vulnerabilities


wordpress vulnerabilities This is a list of known WordPress theme, plugin and core vulnerabilities, displayed in a user friendly format. The list is updated daily and it uses WPScan vulnerability entries as well as other sources.

Have you ever wondered why websites get hacked ?

Plugin / Theme Published Vulnerability Vulnerable Fixed in Fixed on ID
Simple File ListApril 27, 2020Unauthenticated Arbitrary File Upload (RCE)< 4.2.34.2.3April 19, 202000015
WP Post Page CloneApril 25, 2020SQL Injection due to Duplicated Snippets1.01.1May 10, 202000014
Duplicate Page and PostApril 25, 2020SQL Injection due to Duplicated Snippets< 2.5.72.5.7Feb 22, 202000013
YOP PollApril 24, 2020Authenticated Stored Cross-Site Scripting (XSS)< 6.1.56.1.5April 22, 202000012
MapPress MapsApril 23, 2020Authenticated Map Creation/Deletion Leading to Stored Cross-Site Scripting (XSS)< 2.53.92.53.9April 2, 202000011
MapPress MapsApril 23, 2020Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions< 2.53.92.53.9April 2, 202000010
WP GDPRApril 23, 2020Multiple Unauthenticated Issues<= 2.1.1no fix / plugin closedno fix / plugin closed00009
Catch BreadcrumbApril 22, 2020Unauthenticated Reflected Cross-Site Scripting (XSS)<= 1.5.41.5.5April 23, 202000008
GTranslateApril 20, 2020Reflected Cross-Site Scripting (XSS)< 2.8.522.8.52Feb 17, 202000007
Media Library AssistantApril 19, 2020Authenticated RCE< 2.822.82April 2, 202000006
Widget Settings Importer/ExporterApril 15, 2020Authenticated Stored Cross-Site Scripting (XSS)<= 1.5.3no fix / plugin closedno fix / plugin closed00005
AccordionApril 14, 2020Unprotected AJAX Action to Stored/Reflected XSS< 2.2.92.2.9March 18, 202000004
Media Library AssistantApril 13, 2020Authenticated Stored Cross-Site Scripting (XSS)< 2.822.82April 2, 202000003
Media Library AssistantApril 13, 2020Unauthenticated Limited Local File Inclusion< 2.822.82April 2, 202000002
Responsive PollApril 13, 2020Broken Authentication and Missing Capability Checks on AJAX calls< 1.3.41.3.4April 2, 202000001

Soulstudio


Who we are

What started in 2010 as a one-man web development operation is now a small and devoted team of web developers and server administrators.

Our focus is on WordPress hosting and WordPress care services such as speed optimizations, bug fixing and security hardening.

We are located in Croatia (Europe).

Our mission

Our mission is to provide fast, stable, secure and easy to manage hosting environment for your WordPress websites, as well as additional WordPress care services.

We believe that everybody deserves safe, stable and affordable hosting services. That is why our dedication, commitment and constant learning are reflecting that philosophy.