Download Free

CROWD-SOURCED
VULNERABILITIES DATABASE

Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –

Simply Schedule Appointments (Unauthenticated SQL Injection) < 1.6.9.13
14 Jan
PROTECTED
Shipping Rate By Cities (Unauthenticated SQL Injection) < 2.0.1
13 Jan
PROTECTED
Brevo for WooCommerce (Unauthenticated Stored Cross-Site Scripting) < 4.0.50
8 Jan
PROTECTED
Frontend Admin by DynamiApps (Unauthenticated Privilege Escalation) < 3.28.26
8 Jan
PROTECTED
SlimStat Analytics (Cross-Site Scripting) < 5.3.5
8 Jan
PROTECTED
Eventin - Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (Missing Authorization to Unauthenticated Stored Cross-Site Scripting) < 4.0.52
8 Jan
PROTECTED
Frontend Admin by DynamiApps (Missing Authorization to Unauthenticated Arbitrary Data Deletion) < 3.28.26
8 Jan
PROTECTED
Frontend Admin by DynamiApps (Unauthenticated Stored Cross-Site Scripting) < 3.28.24
8 Jan
PROTECTED
WP Photo Album Plus (Reflected Cross-Site Scripting) < 9.1.05.009
6 Jan
PROTECTED
iPaymu Payment Gateway for WooCommerce (Missing Authentication to Unauthenticated Payment Bypass) < 2.0.3
6 Jan
PROTECTED
Reviewify (Missing Authorization to Arbitrary WooCommerce Coupon Creation) < 1.0.8
6 Jan
PROTECTED
Download Manager (Privilege Escalation via updatePassword) < 3.3.41
5 Jan
PROTECTED
AS Password Field In Default Registration Form (Privilege Escalation via Account Takeover) < 2.0.1
5 Jan
PROTECTED
BuddyPress Xprofile Custom Field Types (Arbitrary File Deletion) < 1.3.0
5 Jan
PROTECTED
FS Registration Password (Unauthenticated Privilege Escalation) < 2.0.1
5 Jan
PROTECTED
Branda - White Label & Branding, Free Login Page Customizer (Unauthenticated Privilege Escalation via Account Takeover) < 3.4.29
1 Jan
PROTECTED
Advanced Ads (Remote Code Execution via Shortcode) < 2.0.15
29 Dec 2025
PROTECTED
Lucky Wheel for WooCommerce - Spin a Sale (PHP Code Injection via Conditional Tags) < 1.1.14
29 Dec 2025
PROTECTED
Print Invoice & Delivery Notes for WooCommerce (Unauthenticated Remote Code Execution) < 5.9.0
23 Dec 2025
PROTECTED
WP JobHunt (Stored Cross-Site Scripting) < 7.8
20 Dec 2025
PROTECTED

Crowdsourced Patches for Crowdsourced Vulnerabilities.

© 2026. All rights reserved.