WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
Side Menu – add fixed side buttons <= 3.1.3 - SQL Injection
7.2
CVE-2021-24348
May 27, 2021
Researcher: Shreya Pohekar
Xllentech English Islamic Calendar <= 2.6.7 - SQL Injection
8.8
CVE-2021-24341
May 27, 2021
Researcher: Syed Sheeraz Ali
Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting
5.4
CVE-2021-24346
May 27, 2021
Researcher: Shreya Pohekar
Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Wildcard Activation and Retrieval
4.3
CVE-2021-24355
May 26, 2021
Researcher: Chloe Chamberland
Multivendor Marketplace Solution for WooCommerce <= 3.7.3 - Insecure Direct Object Reference
4.3
CVE ID Unknown
May 26, 2021
Researcher: WPScanTeam
Gallery From Files <= 1.60 - Arbitrary File Upload
9.8
CVE ID Unknown
May 26, 2021
Researcher: WPScanTeam
Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Export
8.8
CVE-2021-24352
May 26, 2021
Researcher: Chloe Chamberland
Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Import
8.8
CVE-2021-24353
May 26, 2021
Researcher: Chloe Chamberland
WP Reset <= 1.86 - Authenticated Stored Cross-Site Scripting via extra_data Parameter
5.5
CVE-2021-24424
May 26, 2021
Researcher: Vladislav Pokrovsky (ΞX.MI)
Gallery from files <= 1.60 - Reflected Cross-Site Scripting
6.1
CVE-2021-24349
May 26, 2021
Researcher: Satyender Yadav
Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Installation
8.8
CVE-2021-24354
May 26, 2021
Researcher: Chloe Chamberland
Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Activation
8.8
CVE-2021-24356
May 26, 2021
Researcher: Chloe Chamberland
Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2021-24350
May 26, 2021
Researcher: Mesut Cetin
SP Project & Document Manager <= 4.21 - Authenticated Shell Upload
8.8
CVE-2021-24347
May 25, 2021
Researcher: Viktor Markopoulos
WP LMS – Best WordPress LMS Plugin <= 1.1.5 - Cross-Site Scripting
6.1
CVE-2021-24504
May 24, 2021
Researcher: Mohammed Adam
iFlyChat – WordPress Chat <= 4.6.4 - Admin+ Stored Cross-Site Scripting
4.8
CVE-2021-24343
May 24, 2021
Researcher: Kishore Hariram
Easy Preloader <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
5.5
CVE-2021-24344
May 24, 2021
Researcher: Kishore Hariram
Cookie Law Bar <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
5.5
CVE ID Unknown
May 24, 2021
Researcher: Mesut Cetin
JNews - WordPress Newspaper Magazine Blog AMP Theme < 8.0.6 - Reflected Cross-Site Scripting
6.1
CVE-2021-24342
May 24, 2021
Researcher: Truoc Phan
WP JobSearch <= 1.7.3 - Stored Cross-Site Scripting
6.4
CVE-2021-24421
May 19, 2021
Researcher: Vladislav Pokrovsky (ΞX.MI)
Title CVE ID CVSS Researchers Date
Side Menu – add fixed side buttons <= 3.1.3 - SQL Injection CVE-2021-24348 7.2 Shreya Pohekar May 27, 2021
Xllentech English Islamic Calendar <= 2.6.7 - SQL Injection CVE-2021-24341 8.8 Syed Sheeraz Ali May 27, 2021
Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting CVE-2021-24346 5.4 Shreya Pohekar May 27, 2021
Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Wildcard Activation and Retrieval CVE-2021-24355 4.3 Chloe Chamberland May 26, 2021
Multivendor Marketplace Solution for WooCommerce <= 3.7.3 - Insecure Direct Object Reference 4.3 WPScanTeam May 26, 2021
Gallery From Files <= 1.60 - Arbitrary File Upload 9.8 WPScanTeam May 26, 2021
Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Export CVE-2021-24352 8.8 Chloe Chamberland May 26, 2021
Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Import CVE-2021-24353 8.8 Chloe Chamberland May 26, 2021
WP Reset <= 1.86 - Authenticated Stored Cross-Site Scripting via extra_data Parameter CVE-2021-24424 5.5 Vladislav Pokrovsky (ΞX.MI) May 26, 2021
Gallery from files <= 1.60 - Reflected Cross-Site Scripting CVE-2021-24349 6.1 Satyender Yadav May 26, 2021
Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Installation CVE-2021-24354 8.8 Chloe Chamberland May 26, 2021
Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Activation CVE-2021-24356 8.8 Chloe Chamberland May 26, 2021
Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting CVE-2021-24350 7.2 Mesut Cetin May 26, 2021
SP Project & Document Manager <= 4.21 - Authenticated Shell Upload CVE-2021-24347 8.8 Viktor Markopoulos May 25, 2021
WP LMS – Best WordPress LMS Plugin <= 1.1.5 - Cross-Site Scripting CVE-2021-24504 6.1 Mohammed Adam May 24, 2021
iFlyChat – WordPress Chat <= 4.6.4 - Admin+ Stored Cross-Site Scripting CVE-2021-24343 4.8 Kishore Hariram May 24, 2021
Easy Preloader <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2021-24344 5.5 Kishore Hariram May 24, 2021
Cookie Law Bar <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting 5.5 Mesut Cetin May 24, 2021
JNews - WordPress Newspaper Magazine Blog AMP Theme < 8.0.6 - Reflected Cross-Site Scripting CVE-2021-24342 6.1 Truoc Phan May 24, 2021
WP JobSearch <= 1.7.3 - Stored Cross-Site Scripting CVE-2021-24421 6.4 Vladislav Pokrovsky (ΞX.MI) May 19, 2021
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Mar 26, 2024
Vulns
1 Dhabaleshwar Das 73
2 Krzysztof Zając 43
3 Ngô Thiên An (ancorn_) 36
4 Francesco Carlucci 35
5 Dimas Maulana 35
6 wesley (wcraft) 33
7 LVT-tholv2k 32
8 Majed Refaea 30
9 Rafie Muhammad 28
10 stealthcopter 25
11 Lucio Sá 24
12 Joshua Chan 23
13 beluga 22
14 Abdi Pranata 22
15 Mika 18
16 Khalid 16
17 Steven Julian 16
18 Webbernaut 16
19 Dave Jong 12
20 João Pedro Soares de Alcântara 11

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation