WordPress Vulnerability Database

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Title CVE ID CVSS Researchers Date
WordPress Comments Import & Export <= 2.3.5 - Cross-Site Request Forgery CVE-2024-31235 4.3 Dhabaleshwar Das April 5, 2024
ARForms Form Builder <= 1.6.1 - Missing Authorization CVE-2024-31270 4.3 beluga April 5, 2024
Ultimate Maps by Supsystic <= 1.2.16 - Cross-Site Request Forgery CVE-2024-31271 4.3 Steven Julian April 5, 2024
Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification CVE-2024-1994 4.3 Lucio Sá April 5, 2024
Post Views Counter <= 1.4.4 - Cross-Site Request Forgery via save_bulk_post_views() CVE-2024-31264 4.3 Brandon James Roldan (tomorrowisnew) April 5, 2024
WooCommerce <= 8.5.2 - Cross-Site Request Forgery CVE-2024-22155 4.3 Dhabaleshwar Das April 5, 2024
Flexible Checkout Fields for WooCommerce <= 4.1.2 - Missing Authorization CVE-2024-31267 4.3 Dhabaleshwar Das April 5, 2024
Premium Addons for Elementor <= 4.10.22 - Authenticated (Contributor+) Sensitive Information Exposure CVE-2024-31278 4.3 Khalid April 5, 2024
Sign-up Sheets <= 2.2.11.1 - Cross-Site Request Forgery CVE-2024-31303 4.3 Dhabaleshwar Das April 5, 2024
ARForms Form Builder <= 1.6.1 - Cross-Site Request Forgery CVE-2024-31272 4.3 beluga April 5, 2024
Easy Social Share Buttons <= 9.4 - Missing Authorization CVE-2024-31307 4.3 Rafie Muhammad April 5, 2024
AppPresser <= 4.3.0 - Cross-Site Request Forgery via toggle_logging_callback() CVE-2024-31268 4.3 Dhabaleshwar Das April 5, 2024
Tracking Code Manager <= 2.1.0 - Missing Authorization via change_order() CVE-2024-31347 4.3 Abdi Pranata April 5, 2024
Smart Online Order for Clover <= 1.5.4 - Cross-Site Request Forgery CVE-2024-31238 4.3 thiennv April 5, 2024
Loan Repayment Calculator and Application Form <= 2.9.4 - Cross-Site Request Forgery CVE-2024-31263 4.3 Skalucy April 5, 2024
WordPress Tooltips <= 9.4.9 - Cross-Site Request Forgery CVE-2024-31285 4.3 Majed Refaea April 5, 2024
Church Admin <= 4.1.6 - Missing Authorization CVE-2024-31281 4.3 Peng Zhou April 5, 2024
Easy Google Maps <= 1.11.11 - Cross-Site Request Forgery CVE-2024-31269 4.3 Steven Julian April 5, 2024
Announcer – Notification & message bars <= 6.0 - Missing Authorization CVE-2024-31261 4.3 Abdi Pranata April 5, 2024
BookingPress <= 1.0.81 - Authenticated (Customer+) Insecure Direct Object Reference CVE-2024-31296 4.3 Steven Julian April 5, 2024

Researcher Hall of Fame (Past 30 days)

Rank Name
Vulnerabilities since Dec 24, 2024
Vulns
1 SOPROBRO 260
2 João Pedro Soares de Alcântara 69
3 Mika 46
4 vgo0 43
5 0xd4rk5id3 34
6 Peter Thaleikis 24
7 Lucio Sá 23
8 Le Ngoc Anh 21
9 zaim 17
10 Hassan Khan Yusufzai - Splint3r7 16
11 LVT-tholv2k 16
12 Colin Xu 15
13 akas wisnu aji 14
14 stealthcopter 14
15 Trương Hữu Phúc (truonghuuphuc) 14
16 yudha 13
17 Bob Matyas 12
18 Webbernaut 11
19 Dhabaleshwar Das 10
20 theviper17y 10

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation