WPScanTeam

Title	CVE ID	CVSS	Vector	Date
WP Hotel Booking <= 2.0.0 - Missing Authorization to Settings Update		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	August 22, 2022
Strong Testimonials <= 2.51.2 - Authorization Bypass		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	June 30, 2021
Wishlist and Compare for WooCommerce <= 1.0.4 - Authorization Bypass		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	May 8, 2021
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Multiple Unprotected AJAX Actions	CVE-2022-2657	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	August 15, 2022
Post Carousel < 2.3.5 - Missing Capabilities Check		7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	August 16, 2021
WP SEO TDK <= 2.1.2 - Missing Authorization to Stored Cross-Site Scripting		7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	July 20, 2021
Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin <= 1.2.35.1 - Authorization Bypass		7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	June 30, 2021
Zephyr Project Manager <= 3.2.42 - Missing Authorization to Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 29, 2022
Social Slider Feed <= 2.0.4 - Missing Authorization to Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 1, 2022
Student Result or Employee Database <= 1.7.9 - Missing Authorization		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 1, 2022
Two Way Chat <= 3.1.4 - Authenticated (Admin+) Local File Inclusion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 5, 2021
Live Scores for SportsPress <= 1.9.0 - Authenticated (Admin+) Local File Inclusion		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 24, 2021
SMTP Mail <= 1.2.1 - SQL Injection		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 24, 2021
Jock on air now <= 5.6.2 - Unauthenticated Stored Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 18, 2021
Email Artillery (MASS EMAIL) <= 4.1 - Authenticated SQL Injection		7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 16, 2021
Subscribe2 <= 10.37 - Cross-Site Request Forgery	CVE-2022-4309	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L	December 22, 2022
Import all XML, CSV & TXT into WordPress < 6.4.2 - Missing Authorization		7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L	January 17, 2022
School Management System – WPSchoolPress < 2.1.10 - Reflected Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	October 11, 2021
VR Calendar <= 2.4.0 - Authenticated (Administrator+) Local File Inclusion		6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N	July 28, 2022
HollerBox <= 2.1.3 - Authenticated (edit_popups+) SQL Injection	CVE-2023-2111	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	May 2, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation