Blog

WordPress Plugin Vulnerabilities wpdefault – Backdoor PluginAsync Javascript < 2.20.02.27 – Subscriber+ Stored XSS via Plugin Settings Change10Web Map Builder for Google Maps < 1.0.64 – Unauthenticated Stored XSS via Plugin Settings ChangeModern Events Calendar Lite <= 5.1.6 – Multiple Subscriber+ Stored XSSExport Users to CSV <= 1.4.2 – CSV InjectionPhoto Gallery < 1.5.46 -…

From today we have two new fields output in our API for enterprise users, the description and poc fields. We have been displaying this data on the wpvulndb.com website since almost the beginning of the project, but excluded the data from the API due to concerns of the extra bandwidth costs. We have had a number of users request the data…

On March 2nd 2020 we will be introducing paid vulnerability email alerts for instant and daily emails. Traditionally we have been giving these away free of charge to our users, but the number of subscribers has increased steadily over the years and they are starting to become a significant monthly cost to us.