CROWD-SOURCED
VULNERABILITIES DATABASE
Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –
Professional Contact Form (Cross-Site Request Forgery to Test Email Sending)
PROTECTED
WP Statistics (Unauthenticated Stored Cross-Site Scripting) < 14.15.5
PROTECTED
cForms - Light speed fast Form Builder (Cross-Site Request Forgery)
PROTECTED
WP-DownloadManager (Arbitrary File Upload) < 1.69
PROTECTED
Featured Image from URL (FIFU) (Unauthenticated Information Exposure via Log File) < 5.2.8
PROTECTED
Featured Image from URL (FIFU) (SQL Injection) < 5.2.8
PROTECTED
System Dashboard (Cross-Site Request Forgery) < 2.8.21
PROTECTED
MultiLoca - WooCommerce Multi Locations Inventory Management (Arbitrary Options Update) < 4.2.9
PROTECTED
WPCasa (Unauthenticated Code Injection) < 1.4.2
PROTECTED
Product Options and Price Calculation Formulas for WooCommerce - Uni CPO (Premium) (Arbitrary File Upload) < 4.9.55
PROTECTED
Miniorange OTP Verification with Firebase (Unauthenticated Privilege Escalation)
PROTECTED
ClickWhale (SQL injection) < 2.5.1
PROTECTED
Custom Login And Signup Widget (Cross-Site Request Forgery)
PROTECTED
Secure Passkeys (Missing Authorization to Passkey Exposure and Deletion) < 1.2.2
PROTECTED
Robcore Netatmo (SQL Injection via Shortcode) < 1.8
PROTECTED
Internal Links Manager (Cross-Site Request Forgery) < 3.0.2
PROTECTED
SureForms - Drag and Drop Form Builder for WordPress (Missing Authorization to Form Creation) < 1.12.1
PROTECTED
Service Finder SMS System (Authentication Bypass)
PROTECTED
Service Finder Bookings (Unauthenticated Privilege Escalation)
PROTECTED
Embed PDF for WPForms (Arbitrary File Upload) < 1.1.6
PROTECTED
Crowdsourced Patches for Crowdsourced Vulnerabilities.
© 2026. All rights reserved.