🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

WordPress Vulnerability Database

Wordfence Intelligence > Vulnerability Database

WordPress Core

WordPress Plugins

WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability

Premium Courses & eLearning <= 1.0.5 - SQL Injection

9.8

CVE ID Unknown

Jun 15, 2022

Researchers:

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.10 - Code Injection

9.8

CVE ID Unknown

Jun 15, 2022

Researchers:

Lana Email Tester <= 1.0.0 - Missing Authorization to Mail Relay & Cross-Site Request Forgery

5.3

CVE ID Unknown

Jun 15, 2022

Researchers:

OnePress Opt-In Panda <= 2.6.2 - Missing Authorization on AJAX Actions

6.3

CVE ID Unknown

Jun 15, 2022

Researchers:

Sharebar <= 1.4.1 - Cross-Site Request Forgery to Settings Update & Cross-Site Scripting

8.8

CVE-2022-1626

Jun 15, 2022

Researcher: Daniel Ruf

Export to Text <= 2.4 - Unauthenticated Post Export

7.5

CVE ID Unknown

Jun 15, 2022

Researchers:

pagebar <= 2.65 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting

8.8

CVE-2022-1757

Jun 15, 2022

Researcher: Daniel Ruf

Popup | Custom Popup Builder <= 1.3.1 - Missing Capabilities Check

6.4

CVE-2022-28612

Jun 14, 2022

Researcher: Ngo Van Thien

XO Slider <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-32280

Jun 14, 2022

Researcher: Ngo Van Thien

WordPress Team Manager <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-29406

Jun 14, 2022

Researcher: Ngo Van Thien

Travel Management <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-27859

Jun 14, 2022

Researcher: Ngo Van Thien

Gravity PDF <= 6.3.0 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jun 14, 2022

Researcher: WPScanTeam

Checkout Fields Manager for WooCommerce <= 5.5.6 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jun 14, 2022

Researcher: WPScanTeam

Easy Testimonials <= 3.8 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jun 14, 2022

Researcher: WPScanTeam

Table Rate Shipping Method for WooCommerce by Flexible Shipping <= 4.11.8 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jun 14, 2022

Researcher: WPScanTeam

LearnPress – WordPress LMS Plugin <= 4.1.6.5 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jun 14, 2022

Researchers:

Clearfy Cache <= 2.0.4 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jun 14, 2022

Researcher: WPScanTeam

Real Cookie Banner <= 2.18.1 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jun 14, 2022

Researcher: WPScanTeam

Qubely <= 1.7.9 - Incorrect Authorization

5.4

CVE ID Unknown

Jun 14, 2022

Researcher: Jan w Oleju

Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload

8.8

CVE-2022-1952

Jun 13, 2022

Researcher: cydave

Title	CVE ID	CVSS	Researchers	Date
Premium Courses & eLearning <= 1.0.5 - SQL Injection		9.8		June 15, 2022
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.10 - Code Injection		9.8		June 15, 2022
Lana Email Tester <= 1.0.0 - Missing Authorization to Mail Relay & Cross-Site Request Forgery		5.3		June 15, 2022
OnePress Opt-In Panda <= 2.6.2 - Missing Authorization on AJAX Actions		6.3		June 15, 2022
Sharebar <= 1.4.1 - Cross-Site Request Forgery to Settings Update & Cross-Site Scripting	CVE-2022-1626	8.8	Daniel Ruf	June 15, 2022
Export to Text <= 2.4 - Unauthenticated Post Export		7.5		June 15, 2022
pagebar <= 2.65 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting	CVE-2022-1757	8.8	Daniel Ruf	June 15, 2022
Popup \| Custom Popup Builder <= 1.3.1 - Missing Capabilities Check	CVE-2022-28612	6.4	Ngo Van Thien	June 14, 2022
XO Slider <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-32280	6.4	Ngo Van Thien	June 14, 2022
WordPress Team Manager <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-29406	6.4	Ngo Van Thien	June 14, 2022
Travel Management <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-27859	6.4	Ngo Van Thien	June 14, 2022
Gravity PDF <= 6.3.0 - Reflected Cross-Site Scripting		6.1	WPScanTeam	June 14, 2022
Checkout Fields Manager for WooCommerce <= 5.5.6 - Reflected Cross-Site Scripting		6.1	WPScanTeam	June 14, 2022
Easy Testimonials <= 3.8 - Reflected Cross-Site Scripting		6.1	WPScanTeam	June 14, 2022
Table Rate Shipping Method for WooCommerce by Flexible Shipping <= 4.11.8 - Reflected Cross-Site Scripting		6.1	WPScanTeam	June 14, 2022
LearnPress – WordPress LMS Plugin <= 4.1.6.5 - Reflected Cross-Site Scripting		6.1		June 14, 2022
Clearfy Cache <= 2.0.4 - Reflected Cross-Site Scripting		6.1	WPScanTeam	June 14, 2022
Real Cookie Banner <= 2.18.1 - Reflected Cross-Site Scripting		6.1	WPScanTeam	June 14, 2022
Qubely <= 1.7.9 - Incorrect Authorization		5.4	Jan w Oleju	June 14, 2022
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload	CVE-2022-1952	8.8	cydave	June 13, 2022

Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All

Rank	Name	Vulnerabilities since Apr 5, 2024 Vulns
1	Dhabaleshwar Das	71
2	Rafie Muhammad	43
3	Krzysztof Zając	42
4	Joshua Chan	38
5	stealthcopter	35
6	Majed Refaea	31
7	Ngô Thiên An (ancorn_)	29
8	Francesco Carlucci	29
9	wesley (wcraft)	27
10	Abdi Pranata	24
11	Lucio Sá	23
12	Dave Jong	22
13	Steven Julian	20
14	LVT-tholv2k	19
15	Khalid	18
16	Dimas Maulana	18
17	beluga	16
18	Webbernaut	15
19	Mika	14
20	CatFather	12

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation