CROWD-SOURCED
VULNERABILITIES DATABASE
Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –
Community Events (Unauthenticated SQL Injection) < 1.5.2
PROTECTED
Motors - Car Dealership & Classified Listings Plugin (Arbitrary File Deletion) < 1.4.90
PROTECTED
RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login (SQL Injection) < 6.0.6.3
PROTECTED
Progress Planner (Missing Authorization to Arbitrary Options Update) < 1.8.1
PROTECTED
Cost Calculator Builder (Missing Authorization) < 3.5.33
PROTECTED
OAuth Single Sign On - SSO [OAuth Client] (Authentication Bypass) < 6.26.13
PROTECTED
Spirit Framework (Privilege Escalation) < 1.2.15
PROTECTED
AP Background (Arbitrary File Upload) < 3.8.3
PROTECTED
TextBuilder (Cross-Site Request Forgery to Privilege Escalation) < 1.2.0
PROTECTED
RestroPress - Online Food Ordering System (Unauthenticated Information Exposure to Authentication Bypass) < 3.1.9.2
PROTECTED
JoomSport (Local File Inclusion) < 5.7.4
PROTECTED
WP Dispatcher (SQL Injection via Shortcode)
PROTECTED
Appy Pie Connect for WooCommerce (Missing Authorization to Unauthenticated Privilege Escalation) < 1.1.3
PROTECTED
WPRecovery (Unauthenticated SQL Injection)
PROTECTED
Copypress Rest API (Unauthenticated Remote Code Execution) < 1.2.1
PROTECTED
Tiny Bootstrap Elements Light (Unauthenticated Local File Inclusion)
PROTECTED
Bei Fen - WordPress Backup Plugin (Local File Inclusion)
PROTECTED
AffiliateWP (Unauthenticated SQL Injection) < 2.29.0
PROTECTED
HidePost (Cross-Site Request Forgery)
PROTECTED
Sync Feedly (Cross-Site Request Forgery to Sync Trigger)
PROTECTED
Crowdsourced Patches for Crowdsourced Vulnerabilities.
© 2026. All rights reserved.