CROWD-SOURCED
VULNERABILITIES DATABASE
Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –
Testing - Classic Editor plugin Deactivate
PROTECTED
Nested Pages - CSRF Local File Inclusion < 3.2.8
PROTECTED
MStore API - Create Native Android & iOS Apps On The Cloud - Authentication Bypass < 4.15.0
PROTECTED
Wallet for WooCommerce - SQL injection < 1.5.5
PROTECTED
JSON API User - Unauthenticated Privilege Escalation < 3.9.4
PROTECTED
Brizy - Page Builder - Authenticated (Contributor+) Arbitrary File Upload < 2.4.45
PROTECTED
timeline-event-history - Authenticated (Contributor+) PHP Object Injection
PROTECTED
Keydatas - Unauthenticated Arbitrary File Upload
PROTECTED
Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce - Missing Authorization < 5.7.27
PROTECTED
Duplica - Missing Authorization to Users/Posts Duplicates Creation -1 < 0.7
PROTECTED
Duplica - Missing Authorization to Users/Posts Duplicates Creation -2 < 0.7
PROTECTED
HUSKY - Products Filter Professional for WooCommerce < 1.3.6.1
PROTECTED
Testing - Classic widgets condition combination rule
PROTECTED
FV Flowplayer Video Player - SQL injection < 7.5.47.7212
PROTECTED
BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin - Missing Authorization and Arbitrary Options Update and Arbitrary File Upload < 1.1.6
PROTECTED
BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation < 1.1.6
PROTECTED
XCloner - Unauthenticated Full Path Disclosure < 4.7.4
PROTECTED
Glossary - Unauthenticated Full Path Disclosure < 2.2.27
PROTECTED
SchedulePress - Unauthenticated Full Path Disclosure < 5.1.4
PROTECTED
WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce - Cross-Site Scripting via 'events' Shortcode < 3.1.44
PROTECTED
Crowdsourced Patches for Crowdsourced Vulnerabilities.
© 2026. All rights reserved.