CROWD-SOURCED
VULNERABILITIES DATABASE
Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –
RapidResult (SQL Injection)
PROTECTED
Email Tracker <= 5.3.12 - Authenticated (Admin+) SQL Injection
PROTECTED
Event Tickets and Registration (Unauthenticated Ticket Payment Bypass) < 5.26.6
PROTECTED
PPOM - Product Addons & Custom Fields for WooCommerce (Unauthenticated Arbitrary File Upload) < 33.0.16
PROTECTED
PPOM - Product Addons & Custom Fields for WooCommerce (Unauthenticated SQL Injection) < 33.0.16
PROTECTED
Theme Editor (Remote Code Execution) < 3.1
PROTECTED
Classified Pro <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
PROTECTED
Truelysell Core (Unauthenticated Arbitrary User Password Change via Shortcode)
PROTECTED
Felan Framework (Hardcoded Credentials) < 1.1.5
PROTECTED
XStore | Multipurpose WooCommerce Theme (Local File Inclusion) < 9.6
PROTECTED
Lisfinity Core - Lisfinity Core plugin used for pebas Lisfinity WordPress theme (Privilege Escalation) < 1.5.0
PROTECTED
Dynamically Display Posts (Unauthenticated SQL Injection) < 1.2
PROTECTED
Flex QR Code Generator (Arbitrary File Upload)
PROTECTED
Demo Import Kit (Arbitrary File Upload)
PROTECTED
Outdoor (Unauthenticated SQL Injection) < 1.3.3
PROTECTED
WPBifrst - Instant Passwordless Temporary Login Links (Missing Authorization to Privilege Escalation) < 1.0.8
PROTECTED
Orion SMS OTP Verification (Authentication Bypass via Account Takeover)
PROTECTED
Category and Products Accordion Panel (Local File Inclusion via Shortcode) < 1.1
PROTECTED
Find And Replace content for WordPress (Missing Authorization)
PROTECTED
DocoDoco Store Locator (Arbitrary File Upload)
PROTECTED
Crowdsourced Patches for Crowdsourced Vulnerabilities.
© 2026. All rights reserved.