Sicurezza di WordPress
Realizzare un sito web sicuro in WordPress richiede non solo di saper scegliere la giusta piattaforma e i migliori componenti software, ma anche aggiornamenti puntuali ed un occhio su tutte le possibili segnalazioni e vulnerabilità. Proprio per aumentare la sicurezza dei nostri siti abbiamo creato questo servizio che tiene monitorata la lista delle vulnerabilità segnalate in rete, relativa a CMS più utilizzato al mondo (ed anche da noi), WordPress.
Occorre precisare che gli attacchi di hacking ed i problemi di sicurezza di un sito web sono in genere il risultato di un errore umano, sia che si tratti di un errore di configurazione o del mancato aggiornamento di un componente o della piattaforma.
Se uno dei plugin, temi o componenti che utilizzi sul tuo sito web è in questa lista ti consigliamo di aggiornarlo subito. Qualora l’aggiornamento non sia disponibile, allora la cosa migliore che puoi farlo è rimuoverlo o sospendere il tuo sito e contattare un programmatore esperto di WordPress.
Hai problemi di sicurezza su WordPress? Contatta ora uno sviluppatore esperto!
| Type | |||
|---|---|---|---|
| Type | Product | Classification OWASP | Disclosure date |
| Plugins | Everest Forms | Top 10 A1: Injection | 2019-07-19 |
| Plugins | All-in-One WP Migration | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-18 |
| Plugins | Category Specific RSS feed Subscription | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-07-18 |
| Plugins | Coming Soon | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-17 |
| Plugins | Appointment Hour Booking | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-16 |
| Plugins | Ad Inserter | Top 10 A1: Injection | 2019-07-15 |
| Plugins | Custom Body Class | 2019-07-15 | |
| Plugins | Ad Inserter | 2019-07-13 | |
| Plugins | Hybrid Composer | 2019-07-13 | |
| Plugins | FV Flowplayer Video Player | Top 10 A1: Injection | 2019-07-13 |
| Plugins | School Management | 2019-07-13 | |
| Plugins | Ultimate Member | 2019-07-13 | |
| Plugins | One Click SSL | 2019-07-13 | |
| Plugins | Newsletters | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-11 |
| Plugins | Yoast SEO | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-10 |
| Plugins | Gallery PhotoBlocks | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-10 |
| Plugins | WP Google Maps | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-07-10 |
| Plugins | File Manager | 2019-07-10 | |
| Plugins | LiveChat | 2019-07-10 | |
| Plugins | Icegram | 2019-07-10 | |
| Plugins | Custom CSS Pro | 2019-07-10 | |
| Plugins | HTML5 Maps | 2019-07-10 | |
| Plugins | Download Personalized WooCommerce Cart Page | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-07-10 |
| Plugins | Contest Gallery | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-07-10 |
| Plugins | Online Lesson Booking | 2019-07-10 | |
| Plugins | Attendance Manager | 2019-07-10 | |
| Plugins | Zoho SalesIQ | 2019-07-10 | |
| Plugins | WP Like Button | Top 10 A2: Broken Authentication and Session Management | 2019-07-10 |
| Plugins | Slimstat Analytics | 2019-07-10 | |
| Plugins | Rencontre | 2019-07-10 | |
| Plugins | iLive | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-09 |
| Plugins | WooCommerce | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-07-07 |
| Plugins | Appointment Booking Calendar | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-07 |
| Plugins | Gallery PhotoBlocks | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-05 |
| Plugins | MyBookTable Bookstore | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-05 |
| Plugins | Ocean Extra | Top 10 A2: Broken Authentication and Session Management | 2019-07-04 |
| Plugins | Ocean Extra | Top 10 A1: Injection | 2019-07-04 |
| Plugins | Essential Real Estate | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-04 |
| Plugins | Visitors Traffic Real Time Statistics | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-07-04 |
| Plugins | WP Statistics | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-04 |
| Plugins | Simple Mail Address Encoder | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-04 |
| Plugins | Widget Logic | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-07-02 |
| Plugins | 360 Product Rotation | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-02 |
| Plugins | Watu Quiz | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-02 |
| Plugins | Widget Logic | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-07-02 |
| Plugins | Insert or Embed Articulate Content into WordPress | Top 10 A1: Injection | 2019-07-02 |
| Plugins | Insert or Embed Articulate Content into WordPress | Top 10 A7: Missing Function Level Access Control | 2019-07-02 |
| Plugins | Live Chat Unlimited | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-02 |
| Plugins | SAML SP Single Sign On | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-27 |
| Plugins | WP Better Permalinks | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-27 |
| Plugins | ACF: Better Search | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-27 |
| Plugins | WebP Converter for Media | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-27 |
| Plugins | Block wp-login | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-27 |
| Plugins | WebP Express | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-26 |
| Plugins | Import users from CSV with meta | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-26 |
| Plugins | WP Ultimate Recipe | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-26 |
| Plugins | Revamp CRM for WooCommerce | Top 10 A1: Injection | 2019-06-25 |
| Plugins | Custom 404 Pro | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-25 |
| Plugins | CP Contact Form with Paypal | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-25 |
| Plugins | Deny All Firewall | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-25 |
| Plugins | WordPress SEO Plugin – Rank Math | Top 10 A7: Missing Function Level Access Control | 2019-06-25 |
| Plugins | Sina Extension for Elementor | Top 10 A1: Injection | 2019-06-25 |
| Plugins | ConvertPlus | 2019-06-25 | |
| Plugins | Dropshix | 2019-06-25 | |
| Plugins | Shortlinks by Pretty Links | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-25 |
| Plugins | Shortlinks by Pretty Links | Top 10 A1: Injection | 2019-06-25 |
| Plugins | Facebook for WooCommerce | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-25 |
| Plugins | Ninja Forms | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-25 |
| Plugins | Easy pdf restaurant menu upload | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-25 |
| Plugins | GA Backend Tracking | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-25 |
| Plugins | Ninja Forms | Top 10 A1: Injection | 2019-06-25 |
| Plugins | Support Board | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-25 |
| Plugins | IP Blocker Lite | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-19 |
| Plugins | WordPress SEO Plugin – Rank Math | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-18 |
| Plugins | WebP Express | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-16 |
| Plugins | WP-Members | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-16 |
| Plugins | Breadcrumbs by menu | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-16 |
| Plugins | Breadcrumbs by menu | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-16 |
| Plugins | Finale Lite | Top 10 A1: Injection | 2019-06-16 |
| Plugins | Related YouTube Videos | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-16 |
| Plugins | Related YouTube Videos | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-16 |
| Plugins | Affiliates Manager | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-16 |
| Plugins | Easy Digital Downloads | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-16 |
| Plugins | Download Manager | 2019-06-16 | |
| Plugins | WP Google Maps | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-06-16 |
| Plugins | WP Statistics | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-12 |
| Plugins | User Submitted Posts | Top 10 A1: Injection | 2019-06-11 |
| Plugins | Crelly Slider | Top 10 A1: Injection | 2019-06-11 |
| Plugins | Paid Memberships Pro | Top 10 A10: Unvalidated Redirects and Forwards | 2019-06-11 |
| Plugins | Hustle | Top 10 A1: Injection | 2019-06-11 |
| Plugins | ConvertPlus | Top 10 A7: Missing Function Level Access Control | 2019-06-11 |
| Plugins | Slick Popup | Top 10 A2: Broken Authentication and Session Management | 2019-06-11 |
| Plugins | WP Database Backup | Top 10 A1: Injection | 2019-05-29 |
| Plugins | Simple File List | Top 10 A6: Sensitive Data Exposure | 2019-05-27 |
| Plugins | Simple File List | Top 10 A7: Missing Function Level Access Control | 2019-05-27 |
| Plugins | Hostel | Top 10 A3: Cross Site Scripting (XSS) | 2019-05-27 |
| Plugins | Event Management Tickets Booking | Top 10 A3: Cross Site Scripting (XSS) | 2019-05-27 |
| Plugins | Virim | 2019-05-27 | |
| Plugins | Form Maker | Top 10 A1: Injection | 2019-05-25 |
| Plugins | Slimstat Analytics | Top 10 A3: Cross Site Scripting (XSS) | 2019-05-22 |
| Plugins | WP Booking System | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-05-22 |
| Plugins | Live Chat with Facebook Messenger | Top 10 A3: Cross Site Scripting (XSS) | 2019-05-22 |
| Plugins | WPGraphQL | 2019-05-22 | |
| Plugins | Newsletter Manager | Top 10 A10: Unvalidated Redirects and Forwards | 2019-05-21 |
| Plugins | FV Flowplayer Video Player | Top 10 A7: Missing Function Level Access Control | 2019-05-21 |
| Plugins | FV Flowplayer Video Player | Top 10 A1: Injection | 2019-05-21 |
| Plugins | FV Flowplayer Video Player | Top 10 A3: Cross Site Scripting (XSS) | 2019-05-21 |
| Plugins | WP Live Chat Support | Top 10 A3: Cross Site Scripting (XSS) | 2019-05-21 |
| Plugins | Register IPs | Top 10 A3: Cross Site Scripting (XSS) | 2019-05-16 |
| Plugins | Ultimate Member | 2019-05-16 | |
| Plugins | W3 Total Cache | Top 10 A3: Cross Site Scripting (XSS) | 2019-05-07 |
| Plugins | All-in-One Event Calendar | Top 10 A3: Cross Site Scripting (XSS) | 2019-05-06 |
| Plugins | My Calendar | Top 10 A3: Cross Site Scripting (XSS) | 2019-05-06 |
| Plugins | Blog Designer | Top 10 A3: Cross Site Scripting (XSS) | 2019-05-02 |
| Plugins | Print My Blog | Top 10 A5: Security Misconfiguration | 2019-04-27 |
| Plugins | WooCommerce Checkout Manager | Top 10 A1: Injection | 2019-04-26 |
| Plugins | Social Warfare | Top 10 A1: Injection | 2019-04-24 |
| Plugins | WP Statistics | Top 10 A3: Cross Site Scripting (XSS) | 2019-04-24 |
| Plugins | Form Builder | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-04-24 |
| Plugins | WordPress Download Manager | Top 10 A3: Cross Site Scripting (XSS) | 2019-04-23 |
| Plugins | YellowPencil Visual CSS Style Editor | Top 10 A7: Missing Function Level Access Control | 2019-04-12 |
| Plugins | Advanced Contact form 7 DB | Top 10 A1: Injection | 2019-04-12 |
| Plugins | Contact Form by WD | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-04-10 |
| Plugins | Form Maker | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-04-10 |
| Plugins | Yuzo Related Posts | Top 10 A2: Broken Authentication and Session Management | 2019-04-10 |
| Plugins | Duplicate Page | Top 10 A1: Injection | 2019-04-08 |
| Plugins | Ultimate Member | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-04-04 |
| Plugins | Pipdig Power Pack | Top 10 A10: Unvalidated Redirects and Forwards | 2019-04-02 |
| Plugins | WP Google Maps | Top 10 A1: Injection | 2019-04-02 |
| Plugins | article2pdf | 2019-03-28 | |
| Plugins | Font Organizer | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-22 |
| Plugins | Social Warfare | Top 10 A7: Missing Function Level Access Control | 2019-03-22 |
| Plugins | NextScripts | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-22 |
| Plugins | WP Google Maps | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-22 |
| Plugins | WP Live Chat Support | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-22 |
| Plugins | YOP Poll | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-22 |
| Plugins | Easy WP SMTP | Top 10 A2: Broken Authentication and Session Management | 2019-03-20 |
| Plugins | GraceMedia Media Player | Top 10 A1: Injection | 2019-03-19 |
| Plugins | WP Support Plus Responsive Ticket System | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-19 |
| Plugins | FormCraft | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-03-13 |
| Plugins | Smart Forms | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-03-13 |
| Plugins | Abandoned Cart Lite | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-12 |
| Plugins | Abandoned Cart Pro | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-12 |
| Plugins | Caldera Forms | 2019-03-12 | |
| Plugins | Contact Form Email | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-12 |
| Plugins | Contact Form Email | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-03-12 |
| Plugins | WP Fastest Cache | Top 10 A7: Missing Function Level Access Control | 2019-03-12 |
| Plugins | Blog2Social | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-12 |
| Plugins | Quiz And Survey Master | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-12 |
| Plugins | Give | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-12 |
| Plugins | WP Live Chat Support | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-12 |
| Plugins | WP Google Maps | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-12 |
| Plugins | YOP Poll | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-12 |
| Plugins | Delete Duplicate Posts | Top 10 A2: Broken Authentication and Session Management | 2019-03-05 |
| Plugins | Content Aware Sidebars | Top 10 A2: Broken Authentication and Session Management | 2019-03-05 |
| Plugins | Contact Form 7 Multi-Step Forms | Top 10 A2: Broken Authentication and Session Management | 2019-03-05 |
| Plugins | BuddyForms | Top 10 A2: Broken Authentication and Session Management | 2019-03-05 |
| Plugins | 404 to 301 | Top 10 A2: Broken Authentication and Session Management | 2019-03-05 |
| Plugins | WP Affiliate Disclosure | Top 10 A2: Broken Authentication and Session Management | 2019-03-05 |
| Plugins | WP Security Audit Log | Top 10 A2: Broken Authentication and Session Management | 2019-03-02 |
| Plugins | Stop User Enumeration | Top 10 A2: Broken Authentication and Session Management | 2019-03-02 |
| Plugins | WP Mobile Menu | Top 10 A2: Broken Authentication and Session Management | 2019-03-02 |
| Plugins | NextGEN Gallery | Top 10 A2: Broken Authentication and Session Management | 2019-03-02 |
| Plugins | FooGallery | Top 10 A2: Broken Authentication and Session Management | 2019-03-02 |
| Plugins | FooBox Image Lightbox | Top 10 A2: Broken Authentication and Session Management | 2019-03-02 |
| Plugins | Image Photo Gallery Final Tiles Grid | Top 10 A2: Broken Authentication and Session Management | 2019-03-02 |
| Plugins | Easy Watermark | Top 10 A2: Broken Authentication and Session Management | 2019-03-02 |
| Plugins | WooCommerce | Top 10 A3: Cross Site Scripting (XSS) | 2019-02-26 |
| Plugins | WP Cost Estimation & Payment Forms Builder | Top 10 A4: Insecure Direct Object References | 2019-02-14 |
| Plugins | WP Cost Estimation & Payment Forms Builder | Top 10 A4: Insecure Direct Object References | 2019-02-14 |
| Plugins | Simple Social Media Share Buttons | Top 10 A7: Missing Function Level Access Control | 2019-02-12 |
| Plugins | Parallax Scroll | Top 10 A3: Cross Site Scripting (XSS) | 2019-02-06 |
| Plugins | Forminator | Top 10 A3: Cross Site Scripting (XSS) | 2019-02-06 |
| Plugins | Forminator | Top 10 A1: Injection | 2019-02-06 |
| Plugins | Yet Another Stars Rating | Top 10 A1: Injection | 2019-01-28 |
| Plugins | Health Check & Troubleshooting | Top 10 A4: Insecure Direct Object References | 2019-01-28 |
| Plugins | Health Check & Troubleshooting | Top 10 A7: Missing Function Level Access Control | 2019-01-28 |
| Plugins | Wise Chat | Top 10 A10: Unvalidated Redirects and Forwards | 2019-01-25 |
| Plugins | Social Network Tabs | Top 10 A6: Sensitive Data Exposure | 2019-01-17 |
| Plugins | Easy Redirect Manager | Top 10 A3: Cross Site Scripting (XSS) | 2019-01-15 |
| Plugins | Spam Byebye | Top 10 A3: Cross Site Scripting (XSS) | 2019-01-14 |
| Plugins | User Registration | Top 10 A3: Cross Site Scripting (XSS) | 2019-01-14 |
| Plugins | MapSVG Lite | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-01-08 |
| Plugins | JSmol2WP | Top 10 A5: Security Misconfiguration | 2019-01-08 |
| Plugins | JSmol2WP | Top 10 A3: Cross Site Scripting (XSS) | 2019-01-08 |
| Plugins | Baggage Freight Shipping Australia | Top 10 A1: Injection | 2019-01-08 |
| Plugins | Google XML Sitemaps | Top 10 A3: Cross Site Scripting (XSS) | 2019-01-08 |
| Plugins | WP AutoSuggest | Top 10 A1: Injection | 2019-01-08 |
| Plugins | Two Factor Authentication | Top 10 A8: Cross Site Request Forgery (CSRF) | 2019-01-08 |
| Plugins | WooCommerce | Top 10 A3: Cross Site Scripting (XSS) | 2019-01-07 |
| Plugins | WP Job Manager | 2019-01-07 | |
| Plugins | Adicon Server | Top 10 A1: Injection | 2019-01-07 |
| Plugins | Audio Record | Top 10 A1: Injection | 2019-01-07 |
| Plugins | Import users from CSV with meta | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-13 |
| Plugins | Jetpack | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-12 |
| Plugins | WooCommerce | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-11 |
| Plugins | Contact Form by WPForms | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-10 |
| Plugins | Advanced Custom Fields | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-10 |
| Plugins | Smush Image Compression and Optimization | 2018-12-10 | |
| Plugins | Google Analytics by Monster Insights | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-07 |
| Plugins | WP Mail SMTP by WPForms | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-07 |
| Plugins | Social Sharing Plugin – Kiwi | Top 10 A7: Missing Function Level Access Control | 2018-12-07 |
| Plugins | PropertyHive | 2018-12-07 | |
| Plugins | Contact Form by WPForms | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-07 |
| Plugins | Redirection | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-12-06 |
| Plugins | Arigato Autoresponder and Newsletter | Top 10 A1: Injection | 2018-12-04 |
| Plugins | Arigato Autoresponder and Newsletter | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-04 |
| Plugins | Ninja Forms | Top 10 A10: Unvalidated Redirects and Forwards | 2018-12-04 |
| Plugins | Ultimate Member | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-11-27 |
| Plugins | WP-DBManager | Top 10 A7: Missing Function Level Access Control | 2018-11-27 |
| Plugins | Yoast SEO | Top 10 A7: Missing Function Level Access Control | 2018-11-20 |
| Plugins | Ninja Forms | Top 10 A3: Cross Site Scripting (XSS) | 2018-11-15 |
| Plugins | Better WordPress reCAPTCHA | Top 10 A3: Cross Site Scripting (XSS) | 2018-11-13 |
| Plugins | Media File Manager | Top 10 A4: Insecure Direct Object References | 2018-11-13 |
| Plugins | Media File Manager | Top 10 A3: Cross Site Scripting (XSS) | 2018-11-13 |
| Plugins | WP GDPR Compliance | Top 10 A2: Broken Authentication and Session Management | 2018-11-13 |
| Plugins | Flow-Flow Social Stream | Top 10 A3: Cross Site Scripting (XSS) | 2018-11-13 |
| Plugins | Calendar | Top 10 A3: Cross Site Scripting (XSS) | 2018-11-13 |
| Plugins | Accelerated Mobile Pages | Top 10 A2: Broken Authentication and Session Management | 2018-11-13 |
| Plugins | WooCommerce | Top 10 A7: Missing Function Level Access Control | 2018-11-07 |
| Plugins | ARForms | 2018-10-29 | |
| Plugins | Pie Register | Top 10 A3: Cross Site Scripting (XSS) | 2018-10-29 |
| Plugins | WooCommerce | Top 10 A1: Injection | 2018-10-29 |
| Plugins | PDF & Print | Top 10 A3: Cross Site Scripting (XSS) | 2018-10-03 |
| Plugins | Breadcrumb NavXT | Top 10 A6: Sensitive Data Exposure | 2018-10-03 |
| Plugins | Wechat Broadcast | Top 10 A1: Injection | 2018-10-03 |
| Plugins | FV Flowplayer Video Player | Top 10 A3: Cross Site Scripting (XSS) | 2018-10-03 |
| Plugins | Localize My Post | Top 10 A1: Injection | 2018-10-03 |
| Plugins | Contact Form 7 | Top 10 A2: Broken Authentication and Session Management | 2018-09-13 |
| Plugins | FV Flowplayer Video Player | Top 10 A3: Cross Site Scripting (XSS) | 2018-09-09 |
| Plugins | Userpro | Top 10 A3: Cross Site Scripting (XSS) | 2018-09-09 |
| Plugins | File Manager | Top 10 A3: Cross Site Scripting (XSS) | 2018-09-09 |
| Plugins | Duplicator | Top 10 A1: Injection | 2018-09-05 |
| Plugins | Image Intense Plugin | Top 10 A1: Injection | 2018-09-05 |
| Plugins | Jibu Pro | Top 10 A3: Cross Site Scripting (XSS) | 2018-09-01 |
| Plugins | WooCommerce | Top 10 A1: Injection | 2018-09-01 |
| Plugins | Export Users to CSV | Top 10 A1: Injection | 2018-09-01 |
| Plugins | Ajax BootModal Login | Top 10 A2: Broken Authentication and Session Management | 2018-09-01 |
| Plugins | Gift Vouchers | Top 10 A1: Injection | 2018-09-01 |
| Plugins | Ultimate Member | Top 10 A3: Cross Site Scripting (XSS) | 2018-08-28 |
| Plugins | Chained Quiz | Top 10 A1: Injection | 2018-08-28 |
| Plugins | Plainview Activity Monitor | Top 10 A1: Injection | 2018-08-28 |
| Plugins | Ninja Forms | Top 10 A1: Injection | 2018-08-28 |
| Plugins | Ninja Forms | Top 10 A3: Cross Site Scripting (XSS) | 2018-08-28 |
| Plugins | Ultimate Member | Top 10 A5: Security Misconfiguration | 2018-08-09 |
| Plugins | Gwolle Guestbook | Top 10 A3: Cross Site Scripting (XSS) | 2018-08-09 |
| Plugins | Strong Testimonials | Top 10 A3: Cross Site Scripting (XSS) | 2018-08-09 |
| Plugins | Snazzy Maps | Top 10 A3: Cross Site Scripting (XSS) | 2018-08-09 |
| Plugins | Multi Step Form | Top 10 A3: Cross Site Scripting (XSS) | 2018-08-09 |
| Plugins | Geo Mashup | Top 10 A3: Cross Site Scripting (XSS) | 2018-07-18 |
| Plugins | All In One Favicon | Top 10 A3: Cross Site Scripting (XSS) | 2018-07-18 |
| Plugins | iThemes Security | Top 10 A1: Injection | 2018-06-25 |
| Plugins | WordPress Comments Import & Export | Top 10 A1: Injection | 2018-06-22 |
| Plugins | Open Graph for Facebook, Google+ and Twitter Card Tags | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-22 |
| Plugins | Advanced Order Export For WooCommerce | Top 10 A1: Injection | 2018-06-22 |
| Plugins | Ultimate Form Builder Lite | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-20 |
| Plugins | Ultimate Form Builder Lite | Top 10 A1: Injection | 2018-06-20 |
| Plugins | Pie Register | Top 10 A1: Injection | 2018-06-20 |
| Plugins | Tooltipy | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-06-20 |
| Plugins | Tooltipy | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-20 |
| Plugins | Redirection | Top 10 A1: Injection | 2018-06-20 |
| Plugins | wpForo Forum | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-20 |
| Plugins | wpForo Forum | Top 10 A1: Injection | 2018-06-20 |
| Plugins | Page Visit Counter | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-11 |
| Plugins | WooCommerce Quick Reports | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-11 |
| Plugins | Woocommerce Blocker Lite | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-06-11 |
| Plugins | Woocommerce Notifier Lite- Send automated web push desktop notifications | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-06-11 |
| Plugins | Woocommerce Notifier Lite- Send automated web push desktop notifications | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-11 |
| Plugins | WP Events Calendar | Top 10 A1: Injection | 2018-06-05 |
| Plugins | WP Booking Calendar | Top 10 A1: Injection | 2018-06-05 |
| Plugins | WP Booking Calendar | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-05 |
| Plugins | ProfileGrid | Top 10 A1: Injection | 2018-06-05 |
| Plugins | WP ULike | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-05 |
| Plugins | Download Woocommerce Category Banner Management | Top 10 A7: Missing Function Level Access Control | 2018-06-03 |
| Plugins | Add Social Share Messenger Buttons Whatsapp and Viber | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-06-03 |
| Plugins | Advance Search for WooCommerce | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-03 |
| Plugins | Eu Cookie Notice | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-06-03 |
| Plugins | Mass Pages/Posts Creator | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-03 |
| Plugins | Page Visit Counter | Top 10 A1: Injection | 2018-06-03 |
| Plugins | WooCommerce Checkout For Digital Goods | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-06-03 |
| Plugins | WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-06-03 |
| Plugins | WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-03 |
| Plugins | WooCommerce Product Attachment | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-03 |
| Plugins | WooCommerce Quick Reports | Top 10 A3: Cross Site Scripting (XSS) | 2018-06-03 |
| Plugins | wpForo Forum | Top 10 A1: Injection | 2018-05-30 |
| Plugins | Loginizer | Top 10 A3: Cross Site Scripting (XSS) | 2018-05-30 |
| Plugins | WP Live Chat Support | Top 10 A3: Cross Site Scripting (XSS) | 2018-05-17 |
| Plugins | Metronet Tag Manager | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-05-17 |
| Plugins | WP User Groups | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-05-14 |
| Plugins | WF Cookie Consent | Top 10 A3: Cross Site Scripting (XSS) | 2018-05-14 |
| Plugins | GD bbPress Attachments | Top 10 A3: Cross Site Scripting (XSS) | 2018-05-14 |
| Plugins | Responsive Cookie Consent | Top 10 A3: Cross Site Scripting (XSS) | 2018-04-29 |
| Plugins | Cookie Consent | Top 10 A3: Cross Site Scripting (XSS) | 2018-04-29 |
| Plugins | WP with Spritz | Top 10 A4: Insecure Direct Object References | 2018-04-29 |
| Plugins | Woo Import Export | 2018-04-29 | |
| Plugins | WD Instagram Feed | Top 10 A3: Cross Site Scripting (XSS) | 2018-04-29 |
| Plugins | Rating Widget | Top 10 A6: Sensitive Data Exposure | 2018-04-29 |
| Plugins | Caldera Forms | Top 10 A3: Cross Site Scripting (XSS) | 2018-04-18 |
| Plugins | Google Drive for WordPress | 2018-04-18 | |
| Plugins | WP Image Zoom | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-04-12 |
| Plugins | WP Background Takeover | Top 10 A1: Injection | 2018-04-09 |
| Plugins | Relevanssi | Top 10 A3: Cross Site Scripting (XSS) | 2018-04-09 |
| Plugins | Contact Form 7 to Database Extension | Top 10 A1: Injection | 2018-04-09 |
| Plugins | WordPress File Upload | Top 10 A3: Cross Site Scripting (XSS) | 2018-04-09 |
| Plugins | WP Live Chat Support | Top 10 A3: Cross Site Scripting (XSS) | 2018-04-09 |
| Plugins | WP Security Audit Log | Top 10 A6: Sensitive Data Exposure | 2018-04-05 |
| Plugins | My Calendar | Top 10 A3: Cross Site Scripting (XSS) | 2018-04-05 |
| Plugins | WordPress File Upload | 2018-04-03 | |
| Plugins | Activity Log | Top 10 A3: Cross Site Scripting (XSS) | 2018-03-28 |
| Plugins | Duplicator | Top 10 A3: Cross Site Scripting (XSS) | 2018-03-28 |
| Plugins | Events Manager | Top 10 A3: Cross Site Scripting (XSS) | 2018-03-28 |
| Plugins | Site Editor | Top 10 A1: Injection | 2018-03-19 |
| Plugins | WP Support Plus Responsive Ticket System | Top 10 A1: Injection | 2018-03-15 |
| Plugins | WP Job Manager | Top 10 A1: Injection | 2018-03-15 |
| Plugins | Super Socializer | Top 10 A2: Broken Authentication and Session Management | 2018-03-15 |
| Plugins | Import any XML or CSV File to WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2018-03-13 |
| Plugins | WP Retina 2x | Top 10 A3: Cross Site Scripting (XSS) | 2018-03-13 |
| Plugins | Import any XML or CSV File to WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2018-03-12 |
| Plugins | iThemes Security | Top 10 A3: Cross Site Scripting (XSS) | 2018-03-05 |
| Plugins | NextGEN Gallery | 2018-03-02 | |
| Plugins | Category Order and Taxonomy Terms Order | Top 10 A1: Injection | 2018-03-02 |
| Plugins | MainWP Child | Top 10 A2: Broken Authentication and Session Management | 2018-03-02 |
| Plugins | File Manager | Top 10 A6: Sensitive Data Exposure | 2018-03-02 |
| Plugins | Custom Permalinks | Top 10 A1: Injection | 2018-02-26 |
| Plugins | Custom Permalinks | Top 10 A3: Cross Site Scripting (XSS) | 2018-02-26 |
| Plugins | Photo Gallery by WD | Top 10 A3: Cross Site Scripting (XSS) | 2018-02-26 |
| Plugins | WP Fastest Cache | Top 10 A1: Injection | 2018-02-26 |
| Plugins | WooCommerce | 2018-02-23 | |
| Plugins | Ninja Forms | Top 10 A3: Cross Site Scripting (XSS) | 2018-02-22 |
| Plugins | Simple Contact Info | Top 10 A7: Missing Function Level Access Control | 2018-02-07 |
| Plugins | flickrRSS | Top 10 A3: Cross Site Scripting (XSS) | 2018-02-07 |
| Plugins | flickrRSS | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-02-07 |
| Plugins | Instagram Feed | Top 10 A3: Cross Site Scripting (XSS) | 2018-02-07 |
| Plugins | PropertyHive | Top 10 A3: Cross Site Scripting (XSS) | 2018-02-05 |
| Plugins | Splashing Images | 2018-01-30 | |
| Plugins | Splashing Images | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-30 |
| Plugins | Social Media Widget by Acurax | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-30 |
| Plugins | Social Media Widget by Acurax | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-01-30 |
| Plugins | User Control | Top 10 A1: Injection | 2018-01-30 |
| Plugins | BuddyBoss Media | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-22 |
| Plugins | Dark Mode | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-22 |
| Plugins | Pinterest Feed | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-22 |
| Plugins | Pinterest Feed | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-01-22 |
| Plugins | Coming Soon | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-22 |
| Plugins | Coming Soon | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-01-22 |
| Plugins | read-and-understood | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-22 |
| Plugins | read-and-understood | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-01-22 |
| Plugins | Booking Calendar | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-22 |
| Plugins | Booking Calendar | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-01-22 |
| Plugins | Google Forms | Top 10 A5: Security Misconfiguration | 2018-01-22 |
| Plugins | Email Subscribers & Newsletters | Top 10 A7: Missing Function Level Access Control | 2018-01-19 |
| Plugins | YITH WooCommerce Wishlist | Top 10 A1: Injection | 2018-01-17 |
| Plugins | wpglobus | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-12 |
| Plugins | Srbtranslatin | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-12 |
| Plugins | Smooth Slider | Top 10 A1: Injection | 2018-01-11 |
| Plugins | Dbox 3D Slider Lite | Top 10 A1: Injection | 2018-01-11 |
| Plugins | Testimonial Slider | Top 10 A1: Injection | 2018-01-11 |
| Plugins | Church Admin | Top 10 A4: Insecure Direct Object References | 2018-01-10 |
| Plugins | SagePay Server Gateway for WooCommerce | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-10 |
| Plugins | WordPress Download Manager | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-01-10 |
| Plugins | LearnDash LMS | 2018-01-10 | |
| Plugins | Simple Download Monitor | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-09 |
| Plugins | ImageInject | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-09 |
| Plugins | ImageInject | Top 10 A8: Cross Site Request Forgery (CSRF) | 2018-01-09 |
| Plugins | Simple Download Monitor | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-09 |
| Plugins | Media from FTP | Top 10 A7: Missing Function Level Access Control | 2018-01-09 |
| Plugins | GD Rating System | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-09 |
| Plugins | GD Rating System | Top 10 A4: Insecure Direct Object References | 2018-01-09 |
| Plugins | GD Rating System | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-09 |
| Plugins | GD Rating System | Top 10 A4: Insecure Direct Object References | 2018-01-09 |
| Plugins | GD Rating System | Top 10 A4: Insecure Direct Object References | 2018-01-09 |
| Plugins | GD Rating System | Top 10 A4: Insecure Direct Object References | 2018-01-09 |
| Plugins | GD Rating System | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-09 |
| Plugins | GD Rating System | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-09 |
| Plugins | Smart Google Code Inserter | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-08 |
| Plugins | Affiliate Ads for Clickbank Products | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-08 |
| Plugins | Z-URL Preview | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-08 |
| Plugins | Share This Image | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-08 |
| Plugins | furikake | Top 10 A10: Unvalidated Redirects and Forwards | 2018-01-08 |
| Plugins | Smart Google Code Inserter | Top 10 A1: Injection | 2018-01-03 |
| Plugins | Smart Google Code Inserter | Top 10 A2: Broken Authentication and Session Management | 2018-01-03 |
| Plugins | Duplicate Page and Post | 2017-12-29 | |
| Plugins | No Follow All External Links | 2017-12-29 | |
| Plugins | WP No External Links | 2017-12-29 | |
| Plugins | AccessPress Anonymous Post Pro | Top 10 A5: Security Misconfiguration | 2017-12-20 |
| Plugins | Top 10 | Top 10 A1: Injection | 2017-12-20 |
| Plugins | Clockwork SMS Notfications | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-20 |
| Plugins | Two-Factor Authentication – Clockwork SMS | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-20 |
| Plugins | Booking Calendar – Clockwork SMS | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-20 |
| Plugins | Contact Form 7 – Clockwork SMS | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-20 |
| Plugins | Fast Secure Contact Form – Clockwork SMS | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-20 |
| Plugins | Formidable – Clockwork SMS | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-20 |
| Plugins | Gravity Forms – Clockwork SMS | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-20 |
| Plugins | WP e-Commerce – Clockwork SMS | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-20 |
| Plugins | CSV Import-Export | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-20 |
| Plugins | Custom Map | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-20 |
| Plugins | WordPress Concours | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-20 |
| Plugins | WordPress Clean Up & Optimizer – Clean Up Optimizer | Top 10 A1: Injection | 2017-12-20 |
| Plugins | Captcha | Top 10 A2: Broken Authentication and Session Management | 2017-12-20 |
| Plugins | Smart Marketing SMS and Newsletters Forms | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-07 |
| Plugins | WP Mailster | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-06 |
| Plugins | Content Cards | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-04 |
| Plugins | Apocalypse Meow | Top 10 A2: Broken Authentication and Session Management | 2017-12-04 |
| Plugins | Emag Marketplace Connector | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-02 |
| Plugins | Elementor Page Builder | 2017-12-02 | |
| Plugins | Elementor Page Builder | 2017-12-02 | |
| Plugins | amtyThumb posts | Top 10 A3: Cross Site Scripting (XSS) | 2017-12-02 |
| Plugins | ProfileGrid | 2017-11-27 | |
| Plugins | WP Customer Area | 2017-11-27 | |
| Plugins | InLinks | Top 10 A1: Injection | 2017-11-26 |
| Plugins | TablePress | 2017-11-26 | |
| Plugins | MailChimp For WooCommerce | 2017-11-22 | |
| Plugins | Formidable Forms | Top 10 A1: Injection | 2017-11-20 |
| Plugins | Formidable Forms | Top 10 A3: Cross Site Scripting (XSS) | 2017-11-20 |
| Plugins | Formidable Forms | 2017-11-20 | |
| Plugins | Yoast SEO | Top 10 A3: Cross Site Scripting (XSS) | 2017-11-20 |
| Plugins | Duplicator | Top 10 A3: Cross Site Scripting (XSS) | 2017-11-20 |
| Plugins | Email Log | Top 10 A3: Cross Site Scripting (XSS) | 2017-11-20 |
| Plugins | WP Mail Logging | Top 10 A3: Cross Site Scripting (XSS) | 2017-11-20 |
| Plugins | Simple Events Calendar | Top 10 A1: Injection | 2017-11-20 |
| Plugins | Events | Top 10 A1: Injection | 2017-11-20 |
| Plugins | Active Directory Integration | Top 10 A1: Injection | 2017-11-20 |
| Plugins | Ultimate Instagram Feed | Top 10 A3: Cross Site Scripting (XSS) | 2017-11-20 |
| Plugins | WP Support Plus Responsive Ticket System | Top 10 A1: Injection | 2017-11-20 |
| Plugins | Caldera Forms | Top 10 A3: Cross Site Scripting (XSS) | 2017-11-07 |
| Plugins | User Login History | Top 10 A3: Cross Site Scripting (XSS) | 2017-11-07 |
| Plugins | JTRT Responsive Tables | Top 10 A1: Injection | 2017-11-07 |
| Plugins | WP Simple Booking Calendar Premium | 2017-11-07 | |
| Plugins | WP Simple Booking Calendar Premium | 2017-11-07 | |
| Plugins | WP Simple Booking Calendar Premium | 2017-11-07 | |
| Plugins | Userpro | 2017-11-04 | |
| Plugins | WordCamp Talks | 2017-10-31 | |
| Plugins | Ultimate Product Catalogue | 2017-10-30 | |
| Plugins | PluginOps Page Builder | 2017-10-30 | |
| Plugins | PopCash.Net Code Integration Tool | Top 10 A3: Cross Site Scripting (XSS) | 2017-10-26 |
| Plugins | Easy Appointments | Top 10 A3: Cross Site Scripting (XSS) | 2017-10-26 |
| Plugins | Ultimate Form Builder Lite | Top 10 A1: Injection | 2017-10-24 |
| Plugins | Awesome Support | 2017-10-23 | |
| Plugins | Awesome Support | 2017-10-23 | |
| Plugins | Import any XML or CSV File to WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2017-10-17 |
| Plugins | Qards | Top 10 A5: Security Misconfiguration | 2017-10-17 |
| Plugins | Pootle button | Top 10 A3: Cross Site Scripting (XSS) | 2017-10-13 |
| Plugins | Invite Anyone | Top 10 A1: Injection | 2017-10-13 |
| Plugins | Simple Login Log | Top 10 A1: Injection | 2017-10-11 |
| Plugins | My WP Translate | 2017-10-11 | |
| Plugins | WPHRM | Top 10 A1: Injection | 2017-10-11 |
| Plugins | Smush Image Compression and Optimization | Top 10 A4: Insecure Direct Object References | 2017-10-09 |
| Plugins | TwitterCart | 2017-10-09 | |
| Plugins | WooCommerce PDF Invoices & Packing Slips | Top 10 A3: Cross Site Scripting (XSS) | 2017-10-05 |
| Plugins | Content Timeline | Top 10 A1: Injection | 2017-10-03 |
| Plugins | Appointments | 2017-10-03 | |
| Plugins | Flickr Gallery | 2017-10-03 | |
| Plugins | RegistrationMagic-Custom Registration Forms | 2017-10-03 | |
| Plugins | Student Result or Employee Database | Top 10 A2: Broken Authentication and Session Management | 2017-09-28 |
| Plugins | BackWPup | Top 10 A6: Sensitive Data Exposure | 2017-09-28 |
| Plugins | 2kb Amazon Affiliates Store | Top 10 A3: Cross Site Scripting (XSS) | 2017-09-28 |
| Plugins | MarketPress – WordPress eCommerce | Top 10 A1: Injection | 2017-09-28 |
| Plugins | Content Audit | Top 10 A3: Cross Site Scripting (XSS) | 2017-09-28 |
| Plugins | VaultPress | 2017-09-25 | |
| Plugins | Responsive Image Gallery, Gallery Album | Top 10 A1: Injection | 2017-09-25 |
| Plugins | Shoppable Images Lite | 2017-09-25 | |
| Plugins | Share Drafts Publicly | 2017-09-19 | |
| Plugins | SmokeSignal | Top 10 A3: Cross Site Scripting (XSS) | 2017-09-18 |
| Plugins | WP Like Post | Top 10 A1: Injection | 2017-09-18 |
| Plugins | SQL Shortcode | 2017-09-18 | |
| Plugins | Post Pay Counter | 2017-09-18 | |
| Plugins | Football Pool | 2017-09-13 | |
| Plugins | Media from FTP | 2017-09-13 | |
| Plugins | Display Widgets | 2017-09-10 | |
| Plugins | Participants Database | Top 10 A3: Cross Site Scripting (XSS) | 2017-09-06 |
| Plugins | Woocommerce Product Designer | 2017-09-06 | |
| Plugins | WooCommerce Product Vendors | Top 10 A3: Cross Site Scripting (XSS) | 2017-08-31 |
| Plugins | Bad Behavior | 2017-08-26 | |
| Plugins | Embed Images in Comments | Top 10 A3: Cross Site Scripting (XSS) | 2017-08-25 |
| Plugins | Participants Database | 2017-08-25 | |
| Plugins | BackupGuard | Top 10 A3: Cross Site Scripting (XSS) | 2017-08-24 |
| Plugins | Advanced Contact form 7 DB | 2017-08-24 | |
| Plugins | Add Edit Delete Listing Module | Top 10 A1: Injection | 2017-08-17 |
| Plugins | Leaky Paywall | 2017-08-17 | |
| Plugins | AddToAny Share Buttons | Top 10 A1: Injection | 2017-08-16 |
| Plugins | Link Library | Top 10 A1: Injection | 2017-08-16 |
| Plugins | I Recommend This | Top 10 A1: Injection | 2017-08-16 |
| Plugins | RK Responsive Contact Form | Top 10 A1: Injection | 2017-08-16 |
| Plugins | Event Espresso Lite | Top 10 A1: Injection | 2017-08-16 |
| Plugins | WordPress Gallery Transformation | Top 10 A1: Injection | 2017-08-16 |
| Plugins | Attachment Manager | 2017-08-16 | |
| Plugins | Asgaros Forum | 2017-08-16 | |
| Plugins | WP Post Popup | 2017-08-11 | |
| Plugins | Cherry Team Members | 2017-08-09 | |
| Plugins | Cherry Services List | 2017-08-09 | |
| Plugins | Loginizer | Top 10 A1: Injection | 2017-08-08 |
| Plugins | Loginizer | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-08-08 |
| Plugins | Easy Modal | Top 10 A1: Injection | 2017-08-07 |
| Plugins | Podlove Podcast Publisher | Top 10 A1: Injection | 2017-08-07 |
| Plugins | PressForward | Top 10 A3: Cross Site Scripting (XSS) | 2017-08-07 |
| Plugins | Business Directory | 2017-08-02 | |
| Plugins | Estatik | 2017-08-01 | |
| Plugins | WP Live Chat Support | Top 10 A3: Cross Site Scripting (XSS) | 2017-07-30 |
| Plugins | User Activity Log | 2017-07-29 | |
| Plugins | WP Rocket | Top 10 A4: Insecure Direct Object References | 2017-07-28 |
| Plugins | WooCommerce Stock Manager | 2017-07-27 | |
| Plugins | Youtube Embed Plus | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-07-26 |
| Plugins | Stop User Enumeration | 2017-07-26 | |
| Plugins | Ads Pro | 2017-07-25 | |
| Plugins | FormCraft 3 | Top 10 A3: Cross Site Scripting (XSS) | 2017-07-25 |
| Plugins | Ultimate Affiliate Pro | Top 10 A3: Cross Site Scripting (XSS) | 2017-07-25 |
| Plugins | Popup Maker | Top 10 A3: Cross Site Scripting (XSS) | 2017-07-25 |
| Plugins | Simple Custom CSS and JS | Top 10 A3: Cross Site Scripting (XSS) | 2017-07-25 |
| Plugins | IBPS Online Exam | Top 10 A1: Injection | 2017-07-21 |
| Plugins | IBPS Online Exam | Top 10 A3: Cross Site Scripting (XSS) | 2017-07-21 |
| Plugins | WP Hide Security Enhancer | 2017-07-21 | |
| Plugins | Task Manager Pro | Top 10 A3: Cross Site Scripting (XSS) | 2017-07-19 |
| Plugins | Task Manager Pro | Top 10 A1: Injection | 2017-07-19 |
| Plugins | Share Buttons by AddThis | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-07-19 |
| Plugins | Total Security | 2017-07-18 | |
| Plugins | Total Security | Top 10 A3: Cross Site Scripting (XSS) | 2017-07-18 |
| Plugins | Download Plugin | 2017-07-14 | |
| Plugins | WooCommerce Products Filter | 2017-07-08 | |
| Plugins | WooCommerce Products Filter | Top 10 A3: Cross Site Scripting (XSS) | 2017-07-08 |
| Plugins | Post Custom Templates Lite | Top 10 A3: Cross Site Scripting (XSS) | 2017-07-05 |
| Plugins | Log Emails | 2017-07-05 | |
| Plugins | Activity Log | 2017-07-05 | |
| Plugins | Advanced AJAX Page Loader | 2017-07-04 | |
| Plugins | WatuPro | Top 10 A1: Injection | 2017-07-03 |
| Plugins | WP Statistics | Top 10 A1: Injection | 2017-07-01 |
| Plugins | Brute Force Login Protection | Top 10 A3: Cross Site Scripting (XSS) | 2017-06-29 |
| Plugins | Ultimate Product Catalogue | Top 10 A1: Injection | 2017-06-27 |
| Plugins | WP Security Audit Log | Top 10 A3: Cross Site Scripting (XSS) | 2017-06-27 |
| Plugins | WordPress Download Manager | 2017-06-27 | |
| Plugins | uCare | Top 10 A3: Cross Site Scripting (XSS) | 2017-06-26 |
| Plugins | WP Fastest Cache | 2017-06-20 | |
| Plugins | wpDiscuz | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-06-20 |
| Plugins | WooCommerce Upload My File | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-06-17 |
| Plugins | Responsive Menu | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-06-12 |
| Plugins | WP Jobs | Top 10 A1: Injection | 2017-06-11 |
| Plugins | WP to Twitter | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-06-10 |
| Plugins | Event List | Top 10 A1: Injection | 2017-06-04 |
| Plugins | WP-Testimonials | Top 10 A1: Injection | 2017-06-03 |
| Plugins | BePro Listings | 2017-06-03 | |
| Plugins | Companion Auto Update | 2017-06-01 | |
| Plugins | Tribulant Newsletters | Top 10 A3: Cross Site Scripting (XSS) | 2017-05-29 |
| Plugins | Tribulant Newsletters | 2017-05-29 | |
| Plugins | AffiliateWP | Top 10 A3: Cross Site Scripting (XSS) | 2017-05-26 |
| Plugins | Huge-IT Video Gallery | Top 10 A1: Injection | 2017-05-24 |
| Plugins | WP Shortcode by MyThemeShop | Top 10 A3: Cross Site Scripting (XSS) | 2017-05-22 |
| Plugins | Best Quiz Plugin for WordPress: WP Quiz | Top 10 A3: Cross Site Scripting (XSS) | 2017-05-22 |
| Plugins | Ultimate Addons for Visual Composer | Top 10 A3: Cross Site Scripting (XSS) | 2017-05-19 |
| Plugins | LayerSlider | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-05-16 |
| Plugins | WP Editor | 2017-05-12 | |
| Plugins | WP Editor | 2017-05-12 | |
| Plugins | Yoast SEO | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-05-11 |
| Plugins | Photo Gallery by WD | Top 10 A1: Injection | 2017-05-05 |
| Plugins | WP Statistics | Top 10 A3: Cross Site Scripting (XSS) | 2017-04-28 |
| Plugins | Wow Forms | Top 10 A1: Injection | 2017-04-25 |
| Plugins | Wow Viral Signups | Top 10 A1: Injection | 2017-04-25 |
| Plugins | User Role by BestWebSoft | Top 10 A3: Cross Site Scripting (XSS) | 2017-04-25 |
| Plugins | Ultimate Form Builder Lite | Top 10 A3: Cross Site Scripting (XSS) | 2017-04-20 |
| Plugins | AccessPress Social Icons | Top 10 A1: Injection | 2017-04-20 |
| Plugins | Robo Gallery | 2017-04-12 | |
| Plugins | ALO EasyMail Newsletter | Top 10 A3: Cross Site Scripting (XSS) | 2017-04-11 |
| Plugins | WordPress Firewall 2 | Top 10 A3: Cross Site Scripting (XSS) | 2017-04-07 |
| Plugins | WHIZZ | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-04-07 |
| Plugins | CopySafe Web Protection | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-04-07 |
| Plugins | WP Customer Reviews | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-04-06 |
| Plugins | WP Customer Reviews | 2017-04-06 | |
| Plugins | WordPress Event Calendar (Spider Event Calendar) | Top 10 A3: Cross Site Scripting (XSS) | 2017-04-04 |
| Plugins | Easy Digital Downloads | 2017-03-31 | |
| Plugins | BP Group Documents | 2017-03-29 | |
| Plugins | Invite Anyone | 2017-03-22 | |
| Plugins | BackWPup | Top 10 A3: Cross Site Scripting (XSS) | 2017-03-22 |
| Plugins | Membership Simplified | Top 10 A6: Sensitive Data Exposure | 2017-03-15 |
| Plugins | Apptha Slider Gallery | Top 10 A1: Injection | 2017-03-09 |
| Plugins | Apptha Slider Gallery | Top 10 A6: Sensitive Data Exposure | 2017-03-09 |
| Plugins | NewStatPress | Top 10 A3: Cross Site Scripting (XSS) | 2017-03-01 |
| Plugins | Mail Masta | Top 10 A1: Injection | 2017-02-18 |
| Plugins | Time Sheets | Top 10 A3: Cross Site Scripting (XSS) | 2017-02-17 |
| Plugins | Corner Ad | Top 10 A3: Cross Site Scripting (XSS) | 2017-02-16 |
| Plugins | WP Mail | Top 10 A3: Cross Site Scripting (XSS) | 2017-02-10 |
| Plugins | XO Security | Top 10 A3: Cross Site Scripting (XSS) | 2017-02-07 |
| Plugins | Online Hotel Booking System Pro | Top 10 A1: Injection | 2017-01-27 |
| Plugins | moreAds SE | 2017-01-23 | |
| Plugins | Direct Download for Woocommerce | Top 10 A1: Injection | 2017-01-17 |
| Plugins | Chained Quiz | Top 10 A3: Cross Site Scripting (XSS) | 2017-01-12 |
| Plugins | WP Support Plus Responsive Ticket System | Top 10 A2: Broken Authentication and Session Management | 2017-01-10 |
| Plugins | Responsive Poll | Top 10 A8: Cross Site Request Forgery (CSRF) | 2017-01-10 |
| Plugins | WooCommerce | Top 10 A3: Cross Site Scripting (XSS) | 2017-01-03 |
| Themes | Zoner - Real Estate | Top 10 A3: Cross Site Scripting (XSS) | 2019-07-05 |
| Themes | JobCareer | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-11 |
| Themes | Traveler | Top 10 A3: Cross Site Scripting (XSS) | 2019-06-11 |
| Themes | CarSpot | Top 10 A3: Cross Site Scripting (XSS) | 2019-04-23 |
| Themes | Newspaper | Top 10 A3: Cross Site Scripting (XSS) | 2019-02-14 |
| Themes | Supreme Directory | Top 10 A3: Cross Site Scripting (XSS) | 2018-08-28 |
| Themes | BBE | Top 10 A4: Insecure Direct Object References | 2018-06-05 |
| Themes | Enfold | 2018-01-30 | |
| Themes | Pinfinity | Top 10 A3: Cross Site Scripting (XSS) | 2017-09-12 |
| Themes | Bridge Theme | Top 10 A3: Cross Site Scripting (XSS) | 2017-08-08 |
| Themes | Salutation Responsive WordPress + BuddyPress Theme | Top 10 A3: Cross Site Scripting (XSS) | 2017-07-31 |
| Themes | Real Estate 7 | Top 10 A4: Insecure Direct Object References | 2017-04-15 |
| Themes | Javo Spot | Top 10 A1: Injection | 2017-02-10 |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2019-03-13 |
| WordPress | WordPress | Top 10 A1: Injection | 2019-02-28 |
| WordPress | WordPress | Top 10 A7: Missing Function Level Access Control | 2018-12-13 |
| WordPress | WordPress | Top 10 A7: Missing Function Level Access Control | 2018-12-13 |
| WordPress | WordPress | Top 10 A1: Injection | 2018-12-13 |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-13 |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-13 |
| WordPress | WordPress | Top 10 A6: Sensitive Data Exposure | 2018-12-13 |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2018-12-13 |
| WordPress | WordPress | Top 10 A7: Missing Function Level Access Control | 2018-06-27 |
| WordPress | WordPress | 2018-04-05 | |
| WordPress | WordPress | Top 10 A10: Unvalidated Redirects and Forwards | 2018-04-05 |
| WordPress | WordPress | 2018-04-05 | |
| WordPress | WordPress | 2018-02-05 | |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2018-01-17 |
| WordPress | WordPress | Top 10 A2: Broken Authentication and Session Management | 2017-12-01 |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2017-11-29 |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2017-11-29 |
| WordPress | WordPress | 2017-11-29 | |
| WordPress | WordPress | 2017-10-31 | |
| WordPress | WordPress | Top 10 A1: Injection | 2017-09-19 |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2017-09-19 |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2017-09-19 |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2017-09-19 |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2017-09-19 |
| WordPress | WordPress | Top 10 A3: Cross Site Scripting (XSS) | 2017-09-19 |
| WordPress | WordPress | 2017-09-19 | |
| WordPress | WordPress | 2017-09-19 | |
| WordPress | WordPress | Top 10 A10: Unvalidated Redirects and Forwards | 2017-09-19 |
| WordPress | WordPress | Top 10 A10: Unvalidated Redirects and Forwards | 2017-05-17 |
| WordPress | WordPress | 2017-05-16 | |
| WordPress | WordPress | 2017-05-03 |
