CROWD-SOURCED
VULNERABILITIES DATABASE
Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –
Outdoor (Unauthenticated SQL Injection) < 1.3.3
PROTECTED
WPBifrst - Instant Passwordless Temporary Login Links (Missing Authorization to Privilege Escalation) < 1.0.8
PROTECTED
Orion SMS OTP Verification (Authentication Bypass via Account Takeover)
PROTECTED
Category and Products Accordion Panel (Local File Inclusion via Shortcode) < 1.1
PROTECTED
Find And Replace content for WordPress (Missing Authorization)
PROTECTED
DocoDoco Store Locator (Arbitrary File Upload)
PROTECTED
Ovatheme Events Manager (Unauthenticated Arbitrary File Upload) < 1.8.6
PROTECTED
WP Freeio (Unauthenticated Privilege Escalation) < 1.2.22
PROTECTED
WooCommerce Designer Pro (Unauthenticated Arbitrary File Deletion) < 1.9.27
PROTECTED
GSheetConnector For Gravity Forms (Arbitrary Plugin Installation) < 1.3.28
PROTECTED
WP Links Page (SQL Injection) < 4.9.7
PROTECTED
Error Log Viewer by BestWebSoft (Arbitrary File Read) < 1.1.7
PROTECTED
WP JobHunt (Authorization Bypass) < 7.7
PROTECTED
Search & Go - Directory WordPress Theme (Privilege Escalation) < 2.8
PROTECTED
Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers (Unauthenticated SQL Injection) < 2.1.4
PROTECTED
Community Events (Unauthenticated SQL Injection) < 1.5.2
PROTECTED
Cookie Notice & Consent (Unauthenticated Stored Cross-Site Scripting via post_meta) < 1.6.6
PROTECTED
Lisfinity Core - Lisfinity Core plugin used for pebas Lisfinity WordPress theme (Privilege Escalation) < 1.5.0
PROTECTED
WP Travel Engine - Tour Booking Plugin Tour Operator Software (Arbitrary File Deletion via File Renaming) < 6.6.8
PROTECTED
WP Travel Engine - Tour Booking Plugin Tour Operator Software (Unauthenticated Local File Inclusion) < 6.6.8
PROTECTED
Crowdsourced Patches for Crowdsourced Vulnerabilities.
© 2026. All rights reserved.