CROWD-SOURCED
VULNERABILITIES DATABASE
Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –
Testing - Classic widgets condition combination rule
PROTECTED
FV Flowplayer Video Player - SQL injection < 7.5.47.7212
PROTECTED
BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin - Missing Authorization and Arbitrary Options Update and Arbitrary File Upload < 1.1.6
PROTECTED
BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation < 1.1.6
PROTECTED
XCloner - Unauthenticated Full Path Disclosure < 4.7.4
PROTECTED
Glossary - Unauthenticated Full Path Disclosure < 2.2.27
PROTECTED
SchedulePress - Unauthenticated Full Path Disclosure < 5.1.4
PROTECTED
WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce - Cross-Site Scripting via 'events' Shortcode < 3.1.44
PROTECTED
UserFeedback Lite - Cross site scripting < 1.0.16
PROTECTED
WordPress Team Manager - Authenticated Local File Inclusion < 2.1.13
PROTECTED
Barcode Scanner with Inventory & Order Manager - SQL injection < 1.6.2
PROTECTED
SEO Plugin by Squirrly SEO - SQL Injection < 12.3.20
PROTECTED
Getwid - Gutenberg Blocks < 2.0.11
PROTECTED
JS Help Desk - The Ultimate Help Desk & Support Plugin - Unauthenticated < 2.8.7
PROTECTED
Media Library Assistant - Arbritrary file upload < 3.19
PROTECTED
InPost PL - Unauthenticated Arbitrary File Read and Delete < 1.4.5
PROTECTED
Zephyr Project Manager - Privilege Escalation < 3.3.102
PROTECTED
Zephyr Project Manager - Privilege Escalation < 3.3.102
PROTECTED
Slider & Popup Builder by Depicter - Arbitrary File Upload < 3.1.2
PROTECTED
Contact Form by Bit Form (SQL injection) < 2.13.10
PROTECTED
Crowdsourced Patches for Crowdsourced Vulnerabilities.
© 2025. All rights reserved.