CROWD-SOURCED
VULNERABILITIES DATABASE
Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –
Booking for Appointments and Events Calendar - Amelia (Unauthenticated SQL Injection via search) < 1.2.36
PROTECTED
SNORDIAN's H5PxAPIkatchu (Unauthenticated Stored Cross-Site Scripting via insert_data) < 0.4.18
PROTECTED
AI Engine (PHP Object Injection via PHAR Deserialization) < 3.1.9
PROTECTED
Booking Calendar | Appointment Booking | Bookit (Missing Authorization to Unauthenticated Stripe Connection) < 2.5.1
PROTECTED
Payment Plugins Braintree For WooCommerce (Missing Authorization to Payment Token Exposure) < 3.2.79
PROTECTED
WP for CPI (Unauthenticated Arbitrary File Upload) < 1.0.3
PROTECTED
Elastic Theme Editor (Arbitrary File Upload)
PROTECTED
Holiday class post calendar (Remote Code Execution)
PROTECTED
Mementor Core (Privilege Escalation)
PROTECTED
EasyCommerce - AI-Powered, Blazing-Fast & Beautiful WordPress Ecommerce Plugin (Privilege Escalation) < 1.8.3
PROTECTED
Astra Security Suite - Firewall & Malware Scan (Arbitrary File Upload)
PROTECTED
Auto Amazon Links - Amazon Associates Affiliate Plugin (Unauthenticated Arbitrary File Read)
PROTECTED
TNC Toolbox: Web Performance (Unauthenticated Sensitive Information Exposure) < 2.0.0
PROTECTED
Academy LMS - WordPress LMS Plugin for Complete eLearning Solution (PHP Object Injection) < 3.3.9
PROTECTED
Better Find and Replace (Limited Code Injection) < 1.7.8
PROTECTED
Smart Auto Upload Images (Arbitrary File Upload) < 1.2.1
PROTECTED
Asgaros Forum (Unauthenticated SQL Injection) < 3.2.0
PROTECTED
Mail Mint (Arbitrary File Upload) < 1.18.11
PROTECTED
Alex Reservations: Smart Restaurant Booking (Arbitrary File Upload) < 2.2.4
PROTECTED
LC Wizard (Unauthenticated Privilege Escalation) < 1.4.0
PROTECTED
Crowdsourced Patches for Crowdsourced Vulnerabilities.
© 2026. All rights reserved.