Wordfence Intelligence

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Top 10 Offending IPs from IP Threat Feed

Past 24 hours

#	IP Address	Blocked Attacks
1	94.102.51.95	19,094,558
2	80.82.78.133	14,813,204
3	199.19.72.125	10,141,168
4	31.43.191.220	10,066,948
5	94.156.64.75	9,259,885
6	94.102.51.144	8,955,722
7	80.82.76.214	7,906,042
8	89.248.163.208	2,033,894
9	194.38.23.16	1,981,560
10	111.90.148.14	1,880,256

Top 5 Generic Vulnerabilities Blocked by Wordfence

Past 24 hours

#	Vulnerability
1	XSS: Cross Site Scripting
2	SQL Injection
3	Directory Traversal
4	Directory Traversal (Requesting wp-config.php)
5	Directory Traversal via HTTP Headers

Top 10 Unique WordPress Vulnerabilities Blocked by Wordfence

Past 24 hours

#	Vulnerability
1	N-Media Post Front-end Form < 1.1 - Arbitrary File Upload
2	POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.6 - Authorization Bypass via type connect-app API
3	Plus Addons for Elementor Page Builder <= 4.1.6 - Authentication Bypass Method #2
4	Rank Math SEO <= 1.0.40.2 - Unprotected REST API Endpoints
5	WAF-RULE-687
6	WordPress Core < 5.9.2 & Gutenberg < 12.7.2 - Prototype Pollution
7	OptinMonster <= 2.6.4 - Unprotected REST-API Endpoints
8	Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read
9	Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload
10	Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

Recently Added Vulnerabilities

Submit Vulnerability View All

ConvertPlug <= 3.5.25 - Authenticated (Contributor+) PHP Object Injection

8.8

CVE-2024-3240

May 3, 2024

Researcher: 1337_Wannabe

Breakdance <= 1.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom postmeta

6.4

CVE-2023-6854

May 3, 2024

Researcher: Francesco Carlucci

Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name

5.4

CVE-2024-3868

May 3, 2024

Researcher: mike harris

Import and export users and customers <= 1.26.5 - Missing Authorization

4.3

CVE-2024-1050

May 3, 2024

Researcher: Francesco Carlucci

Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-4193

May 3, 2024

Researcher: Krzysztof Zając

Swift Framework <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

5.3

CVE-2024-3916

May 3, 2024

Researcher: Francesco Carlucci

Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-4383

May 3, 2024

Researcher: wesley (wcraft)

SimpleShop <= 2.10.2 - Missing Authorization

5.3

CVE-2024-1229

May 3, 2024

Researcher: Francesco Carlucci

Stop Spammers Security | Block Spam Users, Comments, Forms <= 2024.4 - Cross-Site Request Forgery (CSRF) via sfs_process

5.4

CVE-2023-7065

May 3, 2024

Researcher: Lucio Sá

ConvertPlug <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update

5.4

CVE-2024-3237

May 3, 2024

Researcher: M.Awad

#	Title	CVE ID	CVSS	Researchers	Date
1	ConvertPlug <= 3.5.25 - Authenticated (Contributor+) PHP Object Injection	CVE-2024-3240	8.8	1337_Wannabe	May 3, 2024
2	Breakdance <= 1.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom postmeta	CVE-2023-6854	6.4	Francesco Carlucci	May 3, 2024
3	Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name	CVE-2024-3868	5.4	mike harris	May 3, 2024
4	Import and export users and customers <= 1.26.5 - Missing Authorization	CVE-2024-1050	4.3	Francesco Carlucci	May 3, 2024
5	Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-4193	6.4	Krzysztof Zając	May 3, 2024
6	Swift Framework <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	CVE-2024-3916	5.3	Francesco Carlucci	May 3, 2024
7	Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-4383	6.4	wesley (wcraft)	May 3, 2024
8	SimpleShop <= 2.10.2 - Missing Authorization	CVE-2024-1229	5.3	Francesco Carlucci	May 3, 2024
9	Stop Spammers Security \| Block Spam Users, Comments, Forms <= 2024.4 - Cross-Site Request Forgery (CSRF) via sfs_process	CVE-2023-7065	5.4	Lucio Sá	May 3, 2024
10	ConvertPlug <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update	CVE-2024-3237	5.4	M.Awad	May 3, 2024

Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All

Rank	Name	Vulnerabilities since Apr 4, 2024 Vulns
1	Dhabaleshwar Das	80
2	Joshua Chan	45
3	Krzysztof Zając	45
4	Rafie Muhammad	45
5	Majed Refaea	39
6	stealthcopter	38
7	Ngô Thiên An (ancorn_)	34
8	Francesco Carlucci	31
9	wesley (wcraft)	30
10	Abdi Pranata	28

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation