CROWD-SOURCED
VULNERABILITIES DATABASE
Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –
Relevanssi (Unauthenticated SQL Injection) < 4.24.5
PROTECTED
SMS Alert Order Notifications - WooCommerce (Privilege Escalation) < 3.8.2
PROTECTED
StoreKeeper for WooCommerce (Arbitrary File Upload)
PROTECTED
Lead Form Data Collection to CRM (Arbitrary Options Update)
PROTECTED
Ajar in5 Embed (Arbitrary File Upload)
PROTECTED
belingoGeo (Unauthenticated Arbitrary File Download)
PROTECTED
Drag and Drop Multiple File Upload for WooCommerce (Arbitrary File Upload) < 1.1.7
PROTECTED
1 Click WordPress Migration Plugin (Arbitrary File Upload)
PROTECTED
IMITHEMES Listing (Privilege Escalation) < 3.4
PROTECTED
WPBookit (Privilege Escalation) < 1.0.3
PROTECTED
SMS Alert Order Notifications - WooCommerce (Unauthenticated SQL Injection) < 3.8.2
PROTECTED
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner Groundhogg (Arbitrary File Deletion) < 4.1.2
PROTECTED
Envolve Plugin (Arbitrary File Upload) < 1.1.0
PROTECTED
Frontend Dashboard (Missing Authorization to Unauthenticated Privilege Escalation) < 2.2.7
PROTECTED
BuddyBoss Platform Pro (Authentication Bypass via Apple OAuth provider) < 2.7.10
PROTECTED
External image replace (Arbitrary File Upload)
PROTECTED
LayoutBoxx (Unauthenticated Arbitrary Shortcode Execution)
PROTECTED
Reales WP STPT (Privilege Escalation via Password Update)
PROTECTED
Job Listings (Unauthenticated Privilege Escalation via register_action Function)
PROTECTED
Motors - Car Dealer, Rental & Listing WordPress theme (Unauthenticated Arbitrary Shortcode Execution) < 5.6.66
PROTECTED
Crowdsourced Patches for Crowdsourced Vulnerabilities.
© 2026. All rights reserved.