CROWD-SOURCED
VULNERABILITIES DATABASE
Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –
The Hack Repair Guy's Plugin Archiver (Arbitrary File Deletion) < 3.1.1
PROTECTED
LWS Cleaner (Arbitrary File Deletion) < 2.4.2
PROTECTED
The Events Calendar (Unauthenticated SQL Injection) < 6.15.1.1
PROTECTED
Catalog Importer, Scraper & Crawler (Unauthenticated PHP Code Injection)
PROTECTED
All in one Minifier (Unauthenticated SQL Injection) < 3.3
PROTECTED
Ultimate Classified Listings (Local File Inclusion)
PROTECTED
My WP Translate (Arbitrary Options Update)
PROTECTED
Propovoice (Unauthenticated Arbitrary File Read) < 1.7.8
PROTECTED
Time Tracker (Arbitrary Options Update and Limited Data Deletion) < 3.2.0
PROTECTED
Import any XML, CSV or Excel File to WordPress (Unsafe File Upload) < 3.9.4
PROTECTED
Resideo Plugin for Resideo - Real Estate WordPress Theme (Privilege Escalation)
PROTECTED
WP Import - Ultimate CSV XML Importer for WordPress (Missing Authorization to FTP/SFTP Credential Exposure) < 7.28
PROTECTED
Responsive Filterable Portfolio (Arbitrary File Upload) < 1.0.25
PROTECTED
Doccure (Arbitrary File Upload) < 1.4.9
PROTECTED
Doccure (Unauthenticated Arbitrary File Upload) < 1.4.9
PROTECTED
Doccure (Arbitrary User Password Change)
PROTECTED
AutomatorWP - Automator plugin for no-code automations, webhooks & custom integrations in WordPress (Remote Code Execution) < 5.3.7
PROTECTED
Goza - Nonprofit Charity WordPress Theme (Unauthenticated Arbitrary File Upload) < 3.2.3
PROTECTED
AdForest (Authentication Bypass to Admin) < 6.0.10
PROTECTED
Multi Step Form (Arbitrary File Upload) < 1.7.26
PROTECTED
Crowdsourced Patches for Crowdsourced Vulnerabilities.
© 2026. All rights reserved.