Plugin icon

Patreon WordPress

patreon-connect

Vulnerabilities:

10

Last Updated:

October 30, 2025

Active Installs:

3000

Published
Title
Fixed in
CVSS
Published
2025-01-24
Title
Patreon WordPress < 1.9.2 - Missing Authorization
Fixed in
Fixed in 1.9.2
CVSS
5.3 (medium)
Published
2024-06-28
Title
Patreon WordPress < 1.9.1 - Protection Mechanism Bypass
Fixed in
Fixed in 1.9.1
CVSS
5.3 (medium)
Published
2023-11-07
Title
Patreon WordPress < 1.8.8 - Cross-Site Request Forgery
Fixed in
Fixed in 1.8.8
CVSS
4.3 (medium)
Published
2022-02-21
Title
Patreon WordPress < 1.8.2 - Admin+ Stored Cross-Site Scripting
Fixed in
Fixed in 1.8.2
CVSS
3.4 (low)
Published
2021-03-26
Title
Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta
Fixed in
Fixed in 1.7.0
CVSS
6.5 (medium)
Published
2021-03-26
Title
Patreon WordPress < 1.7.2 - Reflected XSS on Login Form
Fixed in
Fixed in 1.7.2
CVSS
8.8 (high)
Published
2021-03-26
Title
Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
Fixed in
Fixed in 1.7.0
CVSS
7.5 (high)
Published
2021-03-26
Title
Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon
Fixed in
Fixed in 1.7.0
CVSS
6.5 (medium)
Published
2021-03-26
Title
Patreon WordPress < 1.7.2 - Reflected XSS on patreon_save_attachment_patreon_level AJAX action
Fixed in
Fixed in 1.7.2
CVSS
8.8 (high)
Published
2018-11-23
Title
Patreon Connect < 1.2.2 - PHP Object Injection
Fixed in
Fixed in 1.2.2
CVSS
9.8 (critical)