CROWD-SOURCED
VULNERABILITIES DATABASE
Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –
SureForms - Drag and Drop Form Builder for WordPress (Missing Authorization to Form Creation) < 1.12.1
PROTECTED
Service Finder SMS System (Authentication Bypass)
PROTECTED
Service Finder Bookings (Unauthenticated Privilege Escalation)
PROTECTED
Embed PDF for WPForms (Arbitrary File Upload) < 1.1.6
PROTECTED
Kubio AI Page Builder (Missing Authorization Plugin Installation) < 2.6.5
PROTECTED
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages (Arbitrary Plugin Installation) < 3.4.4
PROTECTED
StoreEngine - Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More (Arbitrary File Upload) < 1.5.1
PROTECTED
Catch Dark Mode (Local File Inclusion) < 2.0.1
PROTECTED
WP Import - Ultimate CSV XML Importer for WordPress (Arbitrary File Deletion) < 7.28
PROTECTED
WP Import - Ultimate CSV XML Importer for WordPress (Remote Code Execution via Code Injection) < 7.29
PROTECTED
The Hack Repair Guy's Plugin Archiver (Arbitrary File Deletion) < 3.1.1
PROTECTED
LWS Cleaner (Arbitrary File Deletion) < 2.4.2
PROTECTED
The Events Calendar (Unauthenticated SQL Injection) < 6.15.1.1
PROTECTED
Catalog Importer, Scraper & Crawler (Unauthenticated PHP Code Injection)
PROTECTED
All in one Minifier (Unauthenticated SQL Injection) < 3.3
PROTECTED
Ultimate Classified Listings (Local File Inclusion)
PROTECTED
My WP Translate (Arbitrary Options Update)
PROTECTED
Propovoice (Unauthenticated Arbitrary File Read) < 1.7.8
PROTECTED
Time Tracker (Arbitrary Options Update and Limited Data Deletion) < 3.2.0
PROTECTED
Import any XML, CSV or Excel File to WordPress (Unsafe File Upload) < 3.9.4
PROTECTED
Crowdsourced Patches for Crowdsourced Vulnerabilities.
© 2025. All rights reserved.