Next Last 1. 2017-10-06 [1] [FD] WordPress does not hash or expire wp_signups.activati full-disclo 2. 2017-09-26 [1] [FD] CSRF/XSS in Content Audit allowing an unauthenticated full-disclo 3. 2017-07-31 [1] [FD] Stored XSS in Salutation Responsive WordPress + Buddy full-disclo 4. 2017-07-25 [1] [FD] Stop User Enumeration allows user enumeration via the full-disclo 5. 2017-07-25 [1] [FD] CSRF in YouTube (WordPress plugin) could allow unauth full-disclo 6. 2017-06-16 [1] [FD] Reflected XSS in WordPress Download Manager could all full-disclo 7. 2017-06-16 [1] [FD] Path traversal in Photo Gallery may allow admins to r full-disclo 8. 2017-05-08 [1] [FD] =?utf-8?q?CSRF/Stored_XSS_in_MSMC_=E2=80=93_Redirect_ full-disclo 9. 2017-04-05 [1] [FD] CSRF/stored XSS in WordPress Firewall 2 allows unauth full-disclo 10. 2017-01-10 [1] [FD] CSRF/XSS in Responsive Poll allows unauthenticated at full-disclo 11. 2017-01-04 [1] [FD] Stop User Enumeration does not stop user enumeration full-disclo 12. 2016-12-23 [1] [FD] Arbitrary file deletion vulnerability in Image Slider full-disclo 13. 2016-12-21 [1] [FD] copy-me vulnerable to CSRF allowing unauthenticated a full-disclo 14. 2016-12-15 [1] [FD] CSRF/stored XSS in Quiz And Survey Master (Formerly Q full-disclo 15. 2016-12-13 [1] [FD] Reflected XSS in MailChimp for WordPress could allow full-disclo 16. 2016-12-09 [1] [FD] =?utf-8?q?Reflected_XSS_in_Social_Pug_=E2=80=93_Easy_ full-disclo 17. 2016-12-09 [1] [FD] CSRF vulnerability in Multisite Post Duplicator could full-disclo 18. 2016-11-17 [1] [FD] SQL injection and unserialization vulnerability in Re full-disclo 19. 2016-11-17 [1] [FD] Unserialization vulnerability in Relevanssi Premium c full-disclo 20. 2016-11-17 [1] [FD] Unserialisation in Post Indexer could allow man-in-th full-disclo 21. 2016-11-17 [1] [FD] SQL Injection in Post Indexer allows super admins to full-disclo 22. 2016-08-08 [1] [FD] Stored XSS in Advanced Custom Fields: Table Field all full-disclo 23. 2015-10-12 [1] [FD] Full Path Disclosure vulnerability in JM Twitter Card full-disclo 24. 2015-09-01 [1] [FD] Stored XSS in Watu PRO Play allows unauthenticated at full-disclo 25. 2015-09-01 [1] [FD] CSRF in Watu PRO allows unauthenticated attackers to full-disclo 26. 2015-09-01 [1] [FD] Stored XSS in Watu PRO allows unauthenticated attacke full-disclo 27. 2015-08-26 [1] [FD] Publicly exploitable XSS in WordPress plugin Navis Do full-disclo 28. 2015-08-26 [1] [FD] CSRF/XSS vulnerability in Private Only could allow an full-disclo 29. 2015-08-17 [2] [FD] The OAuth2 Complete plugin for WordPress uses a pseud full-disclo 30. 2015-08-12 [2] [FD] Stored XSS in Google Analytics by Yoast Premium allow full-disclo Next Last