28 Jun

List of WordPress plugins with security vulnerabilities

WordPress plugins that contain vulnerabilities are widely exploited by intruders to get into our blogs, so be careful when installing plugins and research a plugin before you install it. The following is a list of WordPress plugins with security vulnerabilities from 2004-2013:

  • 2013-05-02 WordPress W3 Total Cache 0.9.2.8 PHP Code Execution exploit Published
  • 2013-05-02 WordPress W3 Total Cache 0.9.2.8 Remote Code Exec Published
  • 2013-04-21 WordPress theme Colormix Multiple vulnerabilities Published
  • 2013-04-12 WordPress Catalog Plugin Xss Vulnerability Published
  • 2013-04-11 WordPress Spider Video Player plugin SQL Injection Published
  • 2013-04-11 WordPress Spider Video Player 2.1 SQL Injection Published
  • 2013-04-09 WordPress plugins fbsurveypro XSS Vulnerability Published
  • 2013-04-08 WordPress plugins kioskprox XSS Vulnerability Published
  • 2013-04-07 WordPress Trafficanalyzer Plugin XSS Vulnerability Published
  • 2013-03-27 WordPress plugin user-photo file upload arbitrary PHP code execution Published
  • 2013-03-27 WordPress videowhisper-live-streaming-integration Plugin XSS Published
  • 2013-03-27 WordPress plugin v3 level four storefront SQL injection Vulnerability Published
  • 2013-03-27 WordPress trafficanalyzer Plugin XSS Published
  • 2013-03-26 WordPress Mathjax Latex 1.1 Cross Site Request Forgery Published
  • 2013-03-25 WordPress wp-video-commando Plugin XSS Published
  • 2013-03-23 WordPress IndiaNIC FAQS Manager 1.0 XSS & CSRF Published
  • 2013-03-23 WordPress IndiaNIC FAQS Manager 1.0 SQL Injection Published
  • 2013-03-22 Joomla Component com_wordpress XSS Vulnerability Published
  • 2013-03-20 WordPress Count Per Day 3.2.5 XSS Published
  • 2013-03-20 WordPress Occasions 1.0.4 Cross Site Request Forgery Published
  • 2013-03-19 WordPress LeagueManager ‘league_id’ SQL Published
  • 2013-03-19 WordPress Simply Poll Plugin 1.4.1 CSRF and stored XSS Published
  • 2013-03-17 WordPress WP-e-Commerce plugin 3.8.9.5 Cross Site Scripting Vulnerability Published
  • 2013-03-17 WordPress bp-gallery plugin 1.2.5 Cross Site Scripting Vulnerability Published
  • 2013-03-17 WordPress o2s-gallery plugin Cross Site Scripting Vulnerability Published
  • 2013-03-17 WordPress LeagueManager Plugin 3.8 SQL Injection Published
  • 2013-03-17 WordPress Image News slider plugin 3.5 Cross Site Scripting Vulnerability Published
  • 2013-03-15 WordPress LeagueManager 3.8 SQL Injection Published
  • 2013-03-15 WordPress LeagueManager Plugin 3.8 – SQL Injection Published
  • 2013-03-12 WordPress Terillion Reviews Cross Site Scripting Published
  • 2013-03-11 WordPress plugin snazzy-archives XSS vulnerability Published
  • 2013-03-10 WordPress plugins vulnerable to CVE-2013-1808 Published
  • 2013-03-08 WordPress Events Manager 5.3.3 Cross Site Scripting Published
  • 2013-03-06 WordPress Count-Per-Day 3.2.5 Cross Site Scripting Published
  • 2013-03-05 WordPress Counter per Day plugin <= 3.2.3. Path Disclosure and Denial-Of-Service Published
  • 2013-03-05 WordPress Caulk Path Disclosure Published
  • 2013-02-28 WordPress Comment Rating 2.9.32 SQL Injection & Bypass Published
  • 2013-02-27 WordPress Comment Rating Plugin 2.9.32 – Multiple Vulnerabilities Published
  • 2013-02-25 WordPress plugin smart-flv jwplayer.swf XSS Published
  • 2013-02-21 WordPress Pretty Link 1.6.3 Cross Site Scripting Published
  • 2013-02-13 WordPress Classipress Theme 3.1.4 Cross Site Scripting Published
  • 2013-02-12 WordPress newscast Theme SQL Injection Published
  • 2013-02-12 WordPress simple flash video v2 plugin SQL Injection Published
  • 2013-02-12 WordPress wp forum server v2 plugin SQL Injection Published
  • 2013-02-12 WordPress podpress plugin v2 Plugin SQL Injection Published
  • 2013-02-12 WordPress Xhanch My Prayer Time plugin v2 Plugin SQL Injection Published
  • 2013-02-12 WordPress image news slider v3 Plugin SQL Injection Published
  • 2013-02-11 WordPress smart-map v2 Plugin SQL Injection Published
  • 2013-02-11 WordPress post2pdf-converter v2 Plugin SQL Injection Published
  • 2013-02-10 WordPress theme pinboard 1.0.6 XSS Published
  • 2013-02-10 WordPress plugin myftp-ftp-like-plugin-for-wordpress 2 SQL Injection Published
  • 2013-02-08 WordPress Audio Player SWF Cross Site Scripting Published
  • 2013-02-07 WordPress Wysija Newsletters 2.2 SQL Injection Published
  • 2013-02-07 WordPress CommentLuv 2.92.3 Cross Site Scripting Published
  • 2013-02-06 WordPress wp-forum plugin SQL Injection Published
  • 2013-02-03 WordPress Gallery ‘load’ Published
  • 2013-02-03 WordPress theme Flash News Multiple vulnerabilities Published
  • 2013-02-03 WordPress dt-chocolate Theme Image Open redirect Published
  • 2013-02-02 WordPressSearch plugin SQL Injection Vulnerability Published
  • 2013-02-01 WordPress simple-shout-box Plugin SQL Injection Published
  • 2013-02-01 WordPress wp-table-reloaded plugin cross-site scripting in SWF Published
  • 2013-02-01 WordPress portfolio-slideshow-pro v3 Plugin SQL Injection Published
  • 2013-01-31 WordPress RLSWordPressSearch plugin SQL Injection Published
  • 2013-01-26 WordPress SolveMedia 1.1.0 Cross Site Request Forgery Published
  • 2013-01-25 WordPress Zingiri Web Shop Plugin <= 2.4.0 Multiple XSS Vulnerabilities Published
  • 2013-01-25 WordPress SolveMedia 1.1.0 CSRF Vulnerability Published
  • 2013-01-24 WordPress Chocolate Theme XSS & Denial Of Service & Shell Upload Published
  • 2013-01-23 Cardoza WordPress Poll 34.05 SQL Injection Published
  • 2013-01-22 WordPress Ripe HD FLV Player SQL Injection & Path Disclosure Published
  • 2013-01-22 WordPress Developer Formatter CSRF Vulnerability Published
  • 2013-01-15 WordPress Daily Edition Mouss XSS & Disclosure & Shell Upload Published
  • 2013-01-15 WordPress theme Daily Edition Mouss Multiple vulnerabilities Published
  • 2013-01-13 WordPress Floating Tweets 1.0.1 XSS and Directory Traversal Published
  • 2013-01-11 WordPress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Published
  • 2013-01-09 WordPress Plugin Google Document Embedder Arbitrary File Disclosure Published
  • 2013-01-08 XML Sitemap Generator for WordPress (Google XML Sitemaps) Code Injection Published
  • 2013-01-08 WordPress Spam Free 1.9.2 Filter Bypass Published
  • 2013-01-08 WordPress OpenInviter Information Disclosure Published
  • 2013-01-07 WordPress wilderness SQL injection Published
  • 2013-01-07 WordPress NextGEN Gallery plugin Cross-Site Scripting Vulnerability Published
  • 2013-01-04 WordPress Plugin Advanced Custom Fields Remote File Inclusion Published
  • 2013-01-03 WordPress Uploader 1.0.4 Shell Upload Published
  • 2013-01-03 WordPress Xerte Online 0.32 Shell Upload Published
  • 2013-01-03 WordPress ReFlex Gallery 1.3 Shell Upload Published
  • 2013-01-03 WordPress Shopping Cart 8.1.14 Shell Upload & SQL Injection Published
  • 2013-01-03 WordPress Advanced Custom Fields Remote File Inclusion Published
  • 2013-01-02 WordPress Sahifa theme 2.4.0 CSRF and Full Path Disclosure Published
  • 2013-01-02 WordPress plugins WP PHP widget Full Path Disclosure vulnerability Published
  • 2012-12-31 WordPress SB Uploader 3.9 Shell Upload Published
  • 2012-12-31 WordPress Photo Plus & Photo Search XSS & CSRF Published
  • 2012-12-31 WordPress plugins NextGEN Public Uploader Full Path Disclosure Vulnerability Published
  • 2012-12-30 WordPress themes RocketTheme Multiple vulnerabilities Published
  • 2012-12-28 WordPressW3 Total Published
  • 2012-12-28 WordPress Asset-Manager PHP File Upload Published
  • 2012-12-27 WordPress CMSMasters ‘upload.php’ Published
  • 2012-12-26 WordPress WP-Property PHP File Upload Vulnerability Published
  • 2012-12-26 WordPress Asset-Manager PHP File Upload Vulnerability Published
  • 2012-12-25 WordPress W3 Total Cache Data Disclosure Published
  • 2012-12-25 WordPress Rokbox Themes Content Spoofing and XSS Published
  • 2012-12-24 WordPress ‘wp-login.php’ (CVE-2012-5868) Published
  • 2012-12-23 WordPress BuddyPress Cross Site Scripting & Content Spoofing Published
  • 2012-12-21 WordPress 3.4.2 Sessions Not Terminated Upon Explicit User Logout Published
  • 2012-12-21 WordPress plugin sintic_gallery Path Disclosure Vulnerability Published
  • 2012-12-21 BuddyPress for WordPress XSS and CS vulnerabilities Published
  • 2012-12-18 WordPress Rokbox 2.13 Multiple Vulns Published
  • 2012-12-16 WordPress RokBox Multiple Vulnerabilities Published
  • 2012-12-14 WordPress Plugin Authentication Bypass Published
  • 2012-12-13 WordPress portable-phpMyAdmin 1.3.0 Authentication Bypass Published
  • 2012-12-09 WordPress Simple Gmail Login Path Disclosure Published
  • 2012-12-05 WordPress WP-Realty ‘language’ Published
  • 2012-12-04 WordPress Nest SQL Injection Published
  • 2012-11-30 WordPress Video Lead Form 0.5 Cross Site Scripting Published
  • 2012-11-30 WordPress Toolbox 1.4 SQL Injection Published
  • 2012-11-30 WordPress TimelineJS_Nuweb Local File Inclusion Published
  • 2012-11-28 WordPress Newstimes Package SQL Injection Published
  • 2012-11-28 WordPress wp-imagezoon SQL Injection Published
  • 2012-11-28 WordPress Shai-Saul SQL Injection Published
  • 2012-11-28 WordPress yaren Tema SQL Injection Published
  • 2012-11-28 WordPress weddingsatwork SQL Injection Published
  • 2012-11-28 WordPress asm theme SQL injection Published
  • 2012-11-28 WordPress st_newsletter SQL Injection Published
  • 2012-11-28 WordPress starmark Theme Local File Inclusion Published
  • 2012-11-28 WordPress oberliga SQL Injection Published
  • 2012-11-28 WordPress myflash Local File Inclusion Published
  • 2012-11-28 WordPress cstardesign SQL Injection Published
  • 2012-11-25 WordPress dailyedition-mouss Theme SQL injection Published
  • 2012-11-24 WordPress Zarzadzanie Kontem Shell Upload Published
  • 2012-11-24 WordPress Zingiri Web Shop 2.5.0 Shell Upload Published
  • 2012-11-24 WordPress Plg Novana SQL Injection Published
  • 2012-11-24 WordPress Simple Slider 1.0 Cross Site Scripting Published
  • 2012-11-23 WordPress plg_novana plugin Sql Injection Published
  • 2012-11-23 WordPress magazine-basic-plugin/ Theme SQL Injection Published
  • 2012-11-23 WordPress malmonation theme SQL Injection Published
  • 2012-11-22 WordPress hd-webplayer Theme SQL Injection Published
  • 2012-11-22 WordPress fs-real-estate-plugin Theme SQL Injection Published
  • 2012-11-22 WordPress webplayer-plugin Theme SQL Injection Published
  • 2012-11-21 WordPress Madebymilk SQL Injection Published
  • 2012-11-21 WordPress FireStorm Real Estate 2.06.08 SQL Injection Published
  • 2012-11-21 WordPress tdo-mini-forms plugin (rfu/rfd) Vulnerabilities Published
  • 2012-11-20 WordPress ArribaLaEsteban SQL Injection Published
  • 2012-11-20 WordPress List Communities SQL Injection Published
  • 2012-11-20 WordPress Facebook Survey v1 SQL Injection Vulnerability Published
  • 2012-11-19 WordPress Plugins Spotlight Your Upload Vulnerability Published
  • 2012-11-18 WordPress Integrator 1.32 Cross Site Scripting Published
  • 2012-11-16 WordPress Dailyedition-mouss SQL Injection Published
  • 2012-11-16 WordPress Tagged Albums SQL Injection Published
  • 2012-11-14 WordPress WP E-Commerce 3.8.9 SQL Injection / Cross Site Scripting Published
  • 2012-11-13 WordPress AJAX Post Search ‘the_search_function()’ SQL Published
  • 2012-11-13 WordPress Related Posts Exit Popup SQL Injection Published
  • 2012-11-11 WordPress Calendar-Script Blind SQL Injection Published
  • 2012-11-11 WordPress Eco-Annu SQL Injection Published
  • 2012-11-10 WordPress swfupload XSS vulnerability Published
  • 2012-11-09 WordPress theme wilderness SQL Injection Published
  • 2012-11-09 WordPress theme kakao SQL Injection Published
  • 2012-11-08 WordPress Hitasoft FLV Player 1.1 SQL Injection Published
  • 2012-11-08 WordPress Cardoza Ajax Search 1.1 SQL Injection Published
  • 2012-11-04 WordPress Spider Catalog 1.1 HTML Code Injection and Cross-Site scripting Published
  • 2012-10-31 WordPress FoxyPress Plugin 0.4.2.5 Multiple Vulnerabilities Published
  • 2012-10-31 WordPress FoxyPress Plugin Multiple Vulnerabilities Published
  • 2012-10-28 WordPress Easy Webinar Plugin Blind SQL Injection Vulnerability Published
  • 2012-10-27 WordPress Easy Webinar Blind SQL Injection Published
  • 2012-10-26 WordPress GRAND Flash Album Gallery SQL Injection & Disclosure & File Overwrite Published
  • 2012-10-22 WordPress Social Discussions Plugin 6.1.1 Multiple Vulnerabilities Published
  • 2012-10-20 WordPress Wordfence Security XSS and IAA vulnerabilities Published
  • 2012-10-18 WordPress Social Discussions Plugin Multiple Vulnerabilities Published
  • 2012-10-17 WordPress Plugin BackWPup 1.6.1 Remote auth bypass Published
  • 2012-10-11 WordPress Kish Guest Posting 1.0 Shell Upload Published
  • 2012-10-11 WordPress Shortcode Redirect 1.0.01 Stored Cross Site Scripting Published
  • 2012-10-11 WordPress Mingle Forum 1.0.32.1 Cross Site Scripting / SQL Injection Published
  • 2012-10-11 WordPress LivePHP Cross Site Scripting Published
  • 2012-10-11 WordPress Slideshow Gallery 2 Cross Site Scripting Published
  • 2012-10-08 WordPress Remote Command Execution Published
  • 2012-10-06 WordPress Shopp v1.0.17 eCommerce Plugin <= XSS & LFI Published
  • 2012-10-04 WordPress Plugin spider calendar Multiple Vulnerabilities Published
  • 2012-10-04 WordPress Spider 1.0.1 SQL Injection & XSS Published
  • 2012-10-01 WordPress Theme 3.2 Unauthenticated Configuration Access Published
  • 2012-10-01 WordPressthemesbook Cms Cross-Site Scripting Vulnerability Published
  • 2012-09-28 WordPress phpBAK Red Config Vulnerability Published
  • 2012-09-27 WordPress ABC-Test 0.1 Cross Site Scripting Published
  • 2012-09-20 WordPress Wp-TopBar 4.02 Multiple Vulnerabilities Published
  • 2012-09-20 MF Gig Calendar WordPress Plugin Cross-Site Scripting Published
  • 2012-09-19 WordPress Admin name Information Disclosure Published
  • 2012-09-13 WordPress Tierra Audio Path Disclosure Published
  • 2012-09-13 WordPress Krea3AllMedias SQL Injection Published
  • 2012-09-10 WordPress SEM WYSIWYG Arbitrary File Upload Published
  • 2012-09-10 WordPress HD Webplayer 1.1 SQL Injection Published
  • 2012-09-10 WordPress Download Monitor Download Page Cross-Site Scripting Published
  • 2012-09-10 WordPress Simple Forum Shell Upload Published
  • 2012-09-10 WordPress AdRotate 3.7.3.5 Cross Site Scripting Published
  • 2012-09-10 ShopperPress WordPress Theme 2.7 Cross Site Scripting Published
  • 2012-09-10 WordPress Finder Cross Site Scripting Published
  • 2012-09-10 WordPress NextGEN Gallery 1.9.5 Cross Site Scripting Published
  • 2012-09-10 WordPress Count Per Day 3.2.3 Cross Site Scripting Published
  • 2012-09-10 WordPress Google Analytics 4.2.4 Cross Site Scripting Published
  • 2012-09-10 WordPress Monsters Editor Shell Upload Published
  • 2012-09-10 WordPress TDO Mini Forms Arbitrary File Upload Published
  • 2012-02-02 WordPress <= 3.3.1 Multiple Vulnerabilities Published
  • 2012-01-25 WordPress Kish Guest Posting Plugin 1.0 Arbitrary File Upload Published
  • 2012-01-23 WordPress uCan Post plugin <= 1.0.09 Stored XSS Published
  • 2012-01-23 AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary File Upload Published
  • 2012-01-17 WordPress Age Verification Plugin <= 0.4 Open Redirect Published
  • 2012-01-17 WordPress wp-autoyoutube plugin Blind SQL Injection Vulnerability Published
  • 2012-01-17 WordPress Count-per-day plugin Multiple Vulnerabilities Published
  • 2012-01-11 WordPress Pay With Tweet Plugin <= 1.1 Multiple Vulnerabilities Published
  • 2012-01-04 WordPress Comment Rating plugin Multiple Vulnerabilities Published
  • 2011-12-28 WordPress Mailing List Plugin Arbitrary File Download Published
  • 2011-12-15 BLIND SQL injection UPM-POLLS wordpress plugin 1.0.4 Published
  • 2011-12-08 WordPress Pretty Link 1.5.2 Cross Site Scripting Published
  • 2011-12-02 WordPress Flash Album Gallery Cross Site Scripting Published
  • 2011-11-25 WordPress enable-latex plugin Remote File Include Vulnerabilities Published
  • 2011-11-23 WordPress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities Published
  • 2011-11-22 WordPress Adminimize plugin suffers from a cross site scripting vulnerability Published
  • 2011-11-22 WordPress Advanced Text Widget plugin suffers from a cross site scripting vulnerability Published
  • 2011-11-19 WordPress jetpack plugin SQL Injection Vulnerability Published
  • 2011-11-15 WordPress AdRotate plugin <= 3.6.6 SQL Injection Vulnerability Published
  • 2011-11-14 WordPress Zingiri Plugin <= 2.2.3 (ajax_save_name.php) Remote Code Execution Published
  • 2011-11-01 WordPress WP Glossary plugin SQL Injection Vulnerability Published
  • 2011-10-31 WordPress Classipress Theme <= 3.1.4 Stored XSS Published
  • 2011-10-31 WordPress WP Glossary Plugin SQL Injection Published
  • 2011-10-28 WordPress wptouch plugin SQL Injection Vulnerability Published
  • 2011-10-17 WordPress Mailing List 1.3.2 Published
  • 2011-10-17 WordPress Photo Album Plus <= 4.1.1 SQL Published
  • 2011-10-15 WordPress Photo Album Plus <= 4.1.1 SQL Injection Vulnerability Published
  • 2011-10-13 WordPress Pretty Link 1.4.56 Cross Site Scripting Published
  • 2011-10-13 WordPress GD Star Rating plugin <= 1.9.10 SQL Injection Published
  • 2011-10-06 Packet storm WordPress Redirection 2.2.9 Persistent Cross Site Scripting Published
  • 2011-10-05 WordPress Redirection 2.2.9 Persistent Cross Site Scripting Published
  • 2011-09-30 WordPress WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability Published
  • 2011-09-25 WordPress Link Library plugin <= 5.2.1 SQL Injection Vulnerability Published
  • 2011-09-21 Multiple WordPress Plugin timthumb.php Vulnerabilities Published
  • 2011-09-21 WordPress Annonces Plugin 1.2.0.0 Remote File Inclusion Published
  • 2011-09-21 WordPress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion Published
  • 2011-09-21 WordPress WPEasyStats Plugin 1.8 Remote File Inclusion Published
  • 2011-09-21 WordPress Zingiri Web Shop Plugin 2.2.0 Remote File Inclusion Published
  • 2011-09-21 WordPress AllWebMenus Plugin 1.1.3 Remote File Inclusion Published
  • 2011-09-21 WordPress Mailing List Plugin 1.3.2 Remote File Inclusion Published
  • 2011-09-21 WordPress TheCartPress Plugin 1.1.1 Remote File Inclusion Published
  • 2011-09-21 WordPress WP e-Commerce “cs1” SQL Published
  • 2011-09-21 WordPress Disclosure Policy Plugin 1.0 Remote File Inclusion Published
  • 2011-09-21 WordPress Relocate Upload Plugin 0.14 Remote File Inclusion Published
  • 2011-09-21 WordPress Livesig Plugin 0.4 Remote File Inclusion Published
  • 2011-09-21 WordPress Filedownload Plugin 0.1 (download.php) Remote File Disclosure Vulnerability Published
  • 2011-09-19 WordPress Count per Day plugin <= 2.17 SQL Injection Vulnerability Published
  • 2011-09-18 WordPress Auctions plugin <= 1.8.8 SQL Injection Vulnerability Published
  • 2011-09-14 WordPress WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability Published
  • 2011-09-13 WordPress 1 Flash Gallery Plugin Arbitrary File Upload Exploit (MSF) Published
  • 2011-09-10 WordPress grapefile plugin <= 1.1 Arbitrary File Upload Published
  • 2011-09-10 WordPress Facebook Promotions plugin <= 1.3.3 SQL Injection Vulnerability Published
  • 2011-09-10 WordPress Event Registration plugin <= 5.4.3 SQL Injection Published
  • 2011-09-10 WordPress Couponer plugin <= 1.2 SQL Injection Published
  • 2011-09-10 WordPress SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability Published
  • 2011-09-10 WordPress Advertizer plugin <= 1.0 SQL Injection Vulnerability Published
  • 2011-09-10 WordPress WP Bannerize plugin <= 2.8.6 SQL Injection Published
  • 2011-09-10 WordPress wp audio gallery playlist plugin <= 0.12 SQL Injection Published
  • 2011-09-10 WordPress iCopyright® Article Tools plugin <= 1.1.4 SQL Injection Published
  • 2011-09-10 WordPress Donation plugin <= 1.0 SQL Injection Published
  • 2011-09-10 WordPress Crawl Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability Published
  • 2011-09-10 WordPress PureHTML plugin <= 1.0.0 SQL Injection Published
  • 2011-09-10 WordPress Facebook Opengraph Meta Plugin plugin <= 1.0 SQL Injection Vulnerability Published
  • 2011-09-10 WordPress Image Gallery with Slideshow plugin <= 1.5 Multiple Vulnerabilities Published
  • 2011-09-10 WordPress yolink Search plugin <= 1.1.4 SQL Injection Published
  • 2011-09-10 WordPress VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability Published
  • 2011-09-10 WordPress SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability Published
  • 2011-08-29 WordPress Photoracer 1.0 Cross Site Scripting / SQL Injection Published
  • 2011-08-29 WordPress TimThumb Plugin – Remote Code Execution Published
  • 2011-08-29 WordPress mySTAT plugin <= 2.6 SQL Injection Vulnerability Published
  • 2011-08-29 WordPress Block-Spam-By-Math-Reloaded Plugin Bypass Published
  • 2011-08-29 WordPress Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability Published
  • 2011-08-29 WordPress Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability Published
  • 2011-08-28 WordPress Photoracer Plugin <= 1.0 Multiple Vulnerabilities Published
  • 2011-08-28 WordPress Js-appointment plugin <= 1.5 SQL Injection Vulnerability Published
  • 2011-08-28 WordPress Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability Published
  • 2011-08-28 WordPress Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability Published
  • 2011-08-28 WordPress oQey Headers plugin <= 0.3 SQL Injection Vulnerability Published
  • 2011-08-28 WordPress Photoracer plugin <= 1.0 SQL Injection Vulnerability Published
  • 2011-08-26 WordPress Yoast v4.1.3 Local File Disclosure Vulnerability Published
  • 2011-08-21 WordPress UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability Published
  • 2011-08-18 WordPress WP Symposium plugin <= 0.64 SQL Injection Vulnerability Published
  • 2011-08-18 WordPress Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability Published
  • 2011-08-18 WordPress Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability Published
  • 2011-08-18 WordPress WP Forum plugin <= 1.7.8 SQL Injection Vulnerability Published
  • 2011-08-18 WordPress File Groups plugin <= 1.1.2 SQL Injection Vulnerability Published
  • 2011-08-18 WordPress WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability Published
  • 2011-08-18 WordPress OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability Published
  • 2011-08-18 WordPress Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability Published
  • 2011-08-18 WordPress Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability Published
  • 2011-07-04 WordPress 3.1.3 SQL Injection Vulnerabilities Published
  • 2011-06-27 WordPress core 3.1.3 Persistent XSS Vulnerability Published
  • 2011-06-27 WordPress Beer Recipes Plugin v.1.0 XSS Published
  • 2011-05-24 Is-human <=1.4.2 WordPress Plugin Remote Command Execution Vulnerability Published
  • 2011-04-28 WordPress SermonBrowser Plugin 0.43 SQL Injection Published
  • 2011-04-26 Ajax Category Dropdown WordPress Plugin 0.1.5 Multiple Vulnerabilities Published
  • 2011-04-06 WordPress WP Custom Pages Plugin 0.5.0.1 LFI Vulnerability Published
  • 2011-03-29 WordPress plugin BackWPup Remote and Local Code Execution Vulnerability Published
  • 2011-03-10 PHP Speedy <= 0.5.2 WordPress Plugin (admin_container.php) Remote Code Exec Exploit Published
  • 2011-03-10 GRAND Flash Album Gallery 0.55 WordPress Plugin Multiple Vulnerabilities Published
  • 2011-02-27 OPS Old Post Spinner 2.2.1 WordPress Plugin LFI Vulnerability Published
  • 2011-02-27 JQuery Mega Menu 1.0 WordPress Plugin Local File Inclusion Published
  • 2011-02-26 Z-Vote 1.1 WordPress Plugin SQL Injection Vulnerability Published
  • 2011-02-25 GigPress 2.1.10 WordPress Plugin Stored XSS Vulnerability Published
  • 2011-02-25 Relevanssi 2.7.2 WordPress Plugin Stored XSS Vulnerability Published
  • 2011-02-25 IWantOneButton 3.0.1 WordPress Plugin Multiple Vulnerabilities Published
  • 2011-02-25 WP Forum Server 1.6.5 WordPress Plugin SQL Injection Vulnerability Published
  • 2011-02-24 Comment Rating 2.9.23 WordPress Plugin Multiple Vulnerabilities Published
  • 2011-02-18 WordPress User Photo Component Remote File Upload Vulnerability Published
  • 2011-02-11 Enable Media Replace WordPress Plugin Multiple Vulnerabilities Published
  • 2010-12-07 SQL injection vulnerability in do_trackbacks() WordPress function Published
  • 2010-11-14 WordPress Event Registration Plugin 5.32 SQL Injection Vulnerability Published
  • 2010-10-20 WordPress plugin mygallerybrowser.php Remote File Upload Vulnerability Published
  • 2010-09-07 WordPress Events Manager Extended Plugin Persistent XSS Vulnerability Published
  • 2010-08-05 WordPress NextGEN Smooth Gallery Blind SQL Injection Vulnerability Published
  • 2010-07-23 WordPress Plugin myLDlinker SQL Injection Vulnerability Published
  • 2010-07-10 WordPress Firestats Remote Configuration File Download Published
  • 2010-06-25 Vulnerabilities in Cimy Counter for WordPress Published
  • 2010-06-08 WordPress Gigya Socialize Plugin Cross-Site Scripting Vulnerabilities Published
  • 2010-04-06 XSS Vulnerability in NextGEN Gallery WordPress Plugin Published
  • 2010-03-02 WordPress 2.9.1 wp-admin Cross-Site Scripting Vulnerability Published
  • 2010-02-23 WordPress Copperleaf Photolog SQL Injection Vulnerability Published
  • 2010-02-19 WordPress script <== x.x.x (Events Plugins) SQL Injection Vulnerability Published
  • 2010-02-19 WordPress 2.9 plugin wp-wall (XSS) Cross Site Scripting Vulnerability Published
  • 2010-02-19 Joomla JD-WordPress Remote File Include Exploit Published
  • 2010-02-19 WordPress Resource exhaustion Exploit Published
  • 2010-02-19 WordPress Pyrmont V2. SQL Injection Vulnerability Published
  • 2010-02-19 WordPress <= 2.9 Denial of Service Published
  • 2010-02-15 WordPress Copperleaf Photolog SQL injection Published
  • 2010-02-13 WordPress >= 2.9 Failure to Restrict URL Access Published
  • 2010-01-02 WordPress Events Plugin SQL Injection Vulnerability Published
  • 2009-12-31 0day WordPress DOS <= 2.9 Published
  • 2009-12-18 WordPress and Pyrmont V2. SQL Injection Vulnerability Published
  • 2009-12-07 Vulnerabilities in WP-Cumulus for WordPress Published
  • 2009-12-05 WordPress Image Manager Plugins Shell Upload Vulnerability Published
  • 2009-11-25 Vulnerabilities in WP-Cumulus <= 1.20 for WordPress Published
  • 2009-11-13 WordPress Arbitrary File Upload and Cross Site Scripting Vulnerabilities Published
  • 2009-11-13 WordPress Plugin WP-Syntax <= 0.9.1 Remote Command Execution PoC Published
  • 2009-11-11 WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution Published
  • 2009-11-11 Fedora Security Update Fixes WordPress-MU Denial of Service Issue Published
  • 2009-11-10 WordPress 2.0 – 2.7.1 admin.php Module Configuration Security Bypass Vulnerability Published
  • 2009-11-10 WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution Published
  • 2009-11-10 WordPress MU 1.2.2 – 1.3.1 ‘wp-includes/wpmu-functions.php’ Cross-Site Scripting Vulnerability Published
  • 2009-10-27 Fedora Security Update Fixes WordPress Denial of Service Vulnerability Published
  • 2009-10-23 DM Albums for WordPress “delete_album” Directory Traversal Issue Published
  • 2009-10-22 WordPress < 2.8.1 Security Bypass 0day Published
  • 2009-10-21 WordPress Trackback Remote Denial of Service Vulnerability Published
  • 2009-10-20 JD-WordPress for Joomla “mosConfig_absolute_path” Inclusion Issue Published
  • 2009-10-19 Joomla JD-WordPress 2.0 RC2 remote file inclusion Published
  • 2009-09-02 WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures Published
  • 2009-08-28 WP-Syntax for WordPress “test_filter[wp_head]” Code Injection Vulnerability Published
  • 2009-08-27 WordPress Plugin WP-Syntax <= 0.9.1 Remote Command Execution Published
  • 2009-08-24 Debian Security Update Fixes WordPress Security Bypass Vulnerabilities Published
  • 2009-08-17 Fedora Security Update Fixes WordPress-MU Multiple Vulnerabilities Published
  • 2009-08-12 Fedora Security Update Fixes WordPress Admin Pass Reset Vulnerability Published
  • 2009-08-11 WordPress <= 2.8.3 Remote Admin Reset Password Vulnerability Published
  • 2009-08-07 Fedora Security Update Fixes WordPress Privilege Escalation Issues Published
  • 2009-07-30 Fedora Security Update Fixes WordPress Cross Site Scripting Issue Published
  • 2009-07-27 WordPress Plugin FireStats <= 1.6.1(fs_javascript) RFI Vulnerability Published
  • 2009-07-24 WordPress 2.8.1 (url) Remote Cross Site Scripting Exploit Published
  • 2009-07-20 Fedora Security Update Fixes WordPress Security Bypass Vulnerabilities Published
  • 2009-07-15 WordPress Plugin My Category Order <= 2.8 SQL Injection Vulnerability Published
  • 2009-07-10 WordPress Privileges Unchecked in admin.php and Multiple Information Published
  • 2009-07-09 WordPress Media Holder (mediaHolder.php id) SQL Injection vulnerability Published
  • 2009-07-09 WordPress Multiple Security Bypass and Information Disclosure Issues Published
  • 2009-07-02 WordPress Plugin st_newsletter (stnl_iframe.php) SQL Injection Vulnerability Published
  • 2009-06-30 WordPress Plugin DM Albums 1.9.2 Remote File Disclosure Vulnerability Published
  • 2009-06-30 WordPress Plugin Related Sites 2.1 Blind SQL Injection Vulnerability Published
  • 2009-06-29 WordPress Plugin DM Albums 1.9.2 Remote File Inclusion Vuln Published
  • 2009-06-15 WordPress Plugin Photoracer 1.0 (id) SQL Injection Vulnerability Published
  • 2009-05-26 WordPress Plugin Lytebox (wp-lytebox) Local File Inclusion Vulnerability Published
  • 2009-04-15 Fedora Security Update Fixes WordPress-mu Cross Site Scripting Issue Published
  • 2009-03-18 FMoblog Plugin for WordPress “id” Remote SQL Injection Vulnerability Published
  • 2009-03-17 WordPress Plugin fMoblog 2.1 (id) SQL Injection Vulnerability Published
  • 2009-03-10 WordPress MU < 2.7 ‘HOST’ HTTP Header XSS Vulnerability Published
  • 2009-01-12 WordPress plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability Published
  • 2008-12-22 WordPress Plugin Page Flip Image Gallery <= 0.2.2 Remote FD Vuln Published
  • 2008-11-07 Fedora Security Update Fixes WordPress Snoopy Code Execution Published
  • 2008-10-29 WordPress Plugin e-Commerce <= 3.4 Arbitrary File Upload Exploit Published
  • 2008-10-26 WordPress Media Holder (mediaHolder.php id) SQL Injection Vuln Published
  • 2008-10-17 WordPress Plugin st_newsletter (stnl_iframe.php) SQL Injection Vuln Published
  • 2008-09-15 WordPress “user_login” Column SQL Truncation Vulnerability Published
  • 2008-09-10 WordPress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit Published
  • 2008-09-10 Fedora Security Update Fixes WordPress SSL Enforcement Weakness Published
  • 2008-09-07 WordPress 2.6.1 SQL Column Truncation Vulnerability Published
  • 2008-07-24 WordPress Plugin Download Manager 0.2 Arbitrary File Upload Exploit Published
  • 2008-07-07 Debian Security Update Fixes WordPress Security Bypass Issues Published
  • 2008-05-05 Fedora Security Update Fixes WordPress Privilege Escalation Issue Published
  • 2008-04-28 WordPress Cookie Integrity Protection Privilege Escalation Vulnerability Published
  • 2008-04-24 Spreadsheet for WordPress “ss_id” Remote SQL Injection Vulnerability Published
  • 2008-04-22 WordPress Plugin Spreadsheet <= 0.6 SQL Injection Vulnerability Published
  • 2008-03-31 WordPress Plugin Download (dl_id) SQL Injection Vulnerability Published
  • 2008-02-26 WordPress Plugin Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities Published
  • 2008-02-18 Photo Album Plugin for WordPress Multiple SQL Injection Vulnerabilities Published
  • 2008-02-16 WordPress Photo album Remote SQL Injection Vulnerability Published
  • 2008-02-15 WordPress Plugin Simple Forum 2.0-2.1 SQL Injection Vulnerability Published
  • 2008-02-15 WordPress Plugin Simple Forum 1.10-1.11 SQL Injection Vulnerability Published
  • 2008-02-13 Fedora Security Update Fixes WordPress XML-RPC Post Editing Issue Published
  • 2008-02-07 WordPress XML-RPC Implementation Arbitrary Post Editing Vulnerability Published
  • 2008-02-05 WordPress MU < 1.3.2 active_plugins option Code Execution Exploit Published
  • 2008-02-03 WordPress Plugin st_newsletter Remote SQL Injection Vulnerability Published
  • 2008-02-02 WordPress Plugin Wordspew Remote SQL Injection Vulnerability Published
  • 2008-02-02 WordPress Plugin dmsguestbook 1.7.0 Multiple Remote Vulnerabilities Published
  • 2008-01-31 AdServe Plugin for WordPress “id” Parameter SQL Injection Vulnerability Published
  • 2008-01-31 WassUp Plugin for WordPress “to_date” SQL Injection Vulnerability Published
  • 2008-01-31 WP-Cal Plugin for WordPress “id” SQL Query Injection Vulnerability Published
  • 2008-01-31 FGallery Plugin for WordPress “album” SQL Query Injection Vulnerability Published
  • 2008-01-30 WordPress Plugin Adserve 0.2 adclick.php SQL Injection Exploit Published
  • 2008-01-30 WordPress Plugin WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit Published
  • 2008-01-27 WordPress Plugin WP-Cal 0.3 editevent.php SQL Injection Vulnerability Published
  • 2008-01-27 WordPress plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability Published
  • 2008-01-25 Permalinks Migration Plugin for WordPress Cross Site Request Forgery Published
  • 2008-01-22 WP-Forum Plugin for WordPress “user” SQL Query Injection Vulnerability Published
  • 2008-01-19 WordPress plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability Published
  • 2008-01-06 WordPress Plugin Wp-FileManager 1.2 Remote Upload Vulnerability Published
  • 2008-01-03 Fedora Security Update Fixes WordPress Multiple Remote Vulnerabilities Published
  • 2007-12-11 WordPress <= 2.3.1 Charset Remote SQL Injection Vulnerability Published
  • 2007-12-11 WordPress “s” Parameter Handling Remote SQL Injection Vulnerability Published
  • 2007-12-05 WordPress Plugin PictPress <= 0.91 Remote File Disclosure Vulnerability Published
  • 2007-11-21 WordPress Cookies Processing Authentication Bypass Weakness Published
  • 2007-11-06 BackUpWordPress “bkpwp_plugin_path” PHP File Inclusion Vulnerabilities Published
  • 2007-11-01 WordPress Plugin BackUpWordPress <= 0.4.2b RFI Vulnerability Published
  • 2007-10-29 WordPress “posts_columns” Parameter Cross Site Scripting Vulnerability Published
  • 2007-09-14 WordPress Multiple Versions Pwnpress Exploitation Tookit (0.2pub) Published
  • 2007-09-13 WordPress Multiple Parameter Cross Site Scripting and SQL Injection Issues Published
  • 2007-08-31 Fedora Security Update Fixes WordPress Cross Site Scripting Vulnerability Published
  • 2007-08-01 WordPress “style” Parameter Processing Cross Site Scripting Vulnerability Published
  • 2007-06-26 WordPress Security Update Fixes Code Execution and SQL Injection Vulnerabilities Published
  • 2007-06-26 WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit Published
  • 2007-06-11 OpenPKG Security Update Fixes WordPress XML-RPC SQL Injection Vulnerability Published
  • 2007-06-07 WordPress XML-RPC Interface “wp_suggestCategories()” SQL Injection Vulnerability Published
  • 2007-06-06 WordPress 2.2 (xmlrpc.php) Remote SQL Injection Exploit Published
  • 2007-05-21 WordPress “cookie” Parameter Handling Remote SQL Query Injection Vulnerability Published
  • 2007-05-21 WordPress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit Published
  • 2007-05-02 Debian Security Update Fixes WordPress Cross Site Scripting and Security Bypass Issues Published
  • 2007-05-02 WP-Table Plugin for WordPress “wppath” Parameter Remote File Inclusion Vulnerability Published
  • 2007-05-02 WordTube Plugin for WordPress “wppath” Parameter Remote File Inclusion Vulnerability Published
  • 2007-05-02 MyFlash Plugin for WordPress “wppath” Parameter Remote File Inclusion Vulnerability Published
  • 2007-05-01 WordPress plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability Published
  • 2007-05-01 WordPress plugin myflash <= 1.00 (wppath) RFI Vulnerability Published
  • 2007-05-01 WordPress plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability Published
  • 2007-04-30 MyGallery Plugin for WordPress “myPath” Parameter Remote File Inclusion Vulnerability Published
  • 2007-04-29 WordPress Plugin myGallery <= 1.4b4 Remote File Inclusion Vulnerability Published
  • 2007-04-04 WordPress “XML-RPC” Module Remote SQL Injection and Security Bypass Vulnerabilities Published
  • 2007-04-03 WordPress 2.1.2 (xmlrpc) Remote SQL Injection Exploit Published
  • 2007-03-21 Gentoo Security Update Fixes Multiple WordPress Cross Site Scripting Vulnerabilities Published
  • 2007-03-19 WordPress “PHP_SELF” Variable Handling Client-Side Cross Site Scripting Vulnerability Published
  • 2007-03-13 WordPress “wp_title()” and “single_month_title()” Cross Site Scripting Vulnerability Published
  • 2007-03-05 WordPress “comment_text_phpfilter()” and “get_theme_mcommand()” Vulnerabilities Published
  • 2007-02-27 WordPress “wp-includes/functions.php” Client-Side Cross Site Scripting Vulnerability Published
  • 2007-02-26 NoMoKeTo Module for phpBB “phpbb_root_path” Remote File Inclusion Vulnerability Published
  • 2007-02-26 WordPress “wp_explain_nonce()” Function Client-Side Cross Site Scripting Vulnerability Published
  • 2007-01-17 Gentoo Security Update Fixes WordPress SQL Injection and Cross Site Scripting Issues Published
  • 2007-01-10 WordPress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit Published
  • 2007-01-09 OpenPKG Security Update Fixes WordPress Trackback Charset SQL Injection Issue Published
  • 2007-01-07 WordPress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit Published
  • 2007-01-06 WordPress “wp-login.php” Authentication Process Information Disclosure Vulnerability Published
  • 2007-01-06 WordPress Trackback Charset SQL Injection and Admin Cross Site Scripting Vulnerabilities Published
  • 2006-12-30 Enigma 2 WordPress Bridge (boarddir) Remote File Include Vulnerability Published
  • 2006-12-27 WordPress “get_file_description()” Function Client-Side Cross Site Scripting Vulnerability Published
  • 2006-11-21 Gentoo Security Update Fixes WordPress Directory Traversal and Security Bypass Published
  • 2006-11-03 OpenPKG Security Update Fixes WordPress Multiple Security Bypass Vulnerabilities Published
  • 2006-11-02 WordPress Remote Directory Traversal and Security Bypass Vulnerabilities Published
  • 2006-08-16 WP-DB Backup Plugin for WordPress “backup” Parameter Directory Traversal Vulnerability Published
  • 2006-07-31 WordPress Unspecified Parameter Handling Multiple Vulnerabilities Published
  • 2006-07-17 Rocks “mount-loop” and “umount-loop” Arguments Handling Privilege Escalation Vulnerability Published
  • 2006-07-04 WordPress “paged” Parameter Table Prefix and Full Path Disclosure Vulnerabilities Published
  • 2006-06-12 Gentoo Security Update Fixes WordPress Remote Command Injection Vulnerability Published
  • 2006-05-26 WordPress User Profile Handling Remote PHP Command Injection Vulnerability Published
  • 2006-05-25 WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit Published
  • 2006-03-05 Gentoo Security Update Fixes WordPress SQL Injection Vulnerability Published
  • 2006-03-01 WordPress Cross Site Scripting And Full Path Disclosure Vulnerabilities Published
  • 2006-01-16 WP-Stats WordPress Plug-in “author” Remote SQL Injection Vulnerability Published
  • 2005-11-25 PhpWordPress Multiple Parameters Remote SQL Injection Vulnerability Published
  • 2005-08-10 WordPress “cache_lastpostdate” Remote Code Execution Issue Published
  • 2005-08-10 WordPress <= 1.5.1.3 Remote Code Execution eXploit (metasploit) Published
  • 2005-08-09 WordPress <= 1.5.1.3 Remote Code Execution 0-Day Exploit Published
  • 2005-07-04 Gentoo Security Update Fixes Multiple WordPress Vulnerabilities Published
  • 2005-06-30 WordPress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit Published
  • 2005-06-30 WordPress SQL Injection and Cross Site Scripting Vulnerabilities Published
  • 2005-06-22 WordPress <= 1.5.1.1 SQL Injection Exploit Published
  • 2005-06-21 WordPress <= 1.5.1.1 “add new admin” SQL Injection Exploit Published
  • 2005-05-30 WordPress “cat_ID” Remote SQL Injection Vulnerability Published
  • 2004-10-10 WordPress Blog HTTP Splitting Vulnerability Published

Read more: http://www.w3bsecurity.com/warning-wordpress-plugins-vulnerability-list-from-2004-to-2013/#ixzz2XUzxdY9x
