Search Results

Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Search Results

Showing 41-60 of 282 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

ARMember <= 3.4.11 - Unauthenticated SQL Injection

9.8

CVE-2022-46808

Mar 27, 2023

Researcher: Le Ngoc Anh

Be POPIA Compliant <= 1.2.0 - Authenticated (Subscriber+) SQL Injection

9.8

CVE-2022-47445

Mar 15, 2023

Researcher: TEAM WEBoB of BoB 11th

Zendrop – Global Dropshipping <= 1.0.0 - SQL Injection in setMetaData

9.8

CVE-2023-25960

Feb 24, 2023

Researcher: Dave Jong

10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection via Multiple Parameters

9.8

CVE-2023-0037

Feb 20, 2023

Researchers: Daniel Krohmer, Kunal Sharma

GamiPress <= 2.5.7 - Unauthenticated SQL Injection

9.8

CVE-2023-24000

Feb 14, 2023

Researcher: Dave Jong

LearnPress <= 4.1.7.3.2 - Unauthenticated SQL Injection

9.8

CVE-2022-45808

Jan 20, 2023

Researcher: Fadilah Agung Nugraha

FL3R FeelBox <= 8.1 - Unauthenticated SQL Injection

9.8

CVE-2022-4445

Jan 20, 2023

Researcher: cydave

GiveWP <= 2.23.2 - Unauthenticated SQL Injection

9.8

CVE-2023-0224

Jan 19, 2023

Researchers:

MainWP Broken Link Checker <= 4.0 - Unauthenticated SQL Injection

9.8

CVE-2023-23737

Jan 18, 2023

Researcher: Dave Jong

Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection

9.8

CVE-2023-23488

Jan 12, 2023

Researcher: Joshua Martinelle

Easy Digital Downloads < 3.1.0.4 - SQL Injection

9.8

CVE-2023-23489

Jan 12, 2023

Researcher: Joshua Martinelle

Hide My WP < 6.2.9 - Unauthenticated SQL Injection

9.8

CVE-2022-4681

Jan 11, 2023

Researcher: Xenofon Vassilakopoulos

10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection

9.8

CVE ID Unknown

Jan 11, 2023

Researchers:

Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection

9.1

CVE-2022-47588

Jan 27, 2023

Researcher: minhtuanact

Recipe Maker For Your Food Blog from Zip Recipes <= 8.1.0 - Authenticated(Contributor+) SQL Injection

8.8

CVE-2023-52180

Dec 29, 2023

Researcher: Muhammad Daffa

Events Shortcodes & Templates For The Events Calendar <= 2.3.1 - Authenticated (Contributor+) SQL Injection via shortcode

8.8

CVE-2023-52142

Dec 28, 2023

Researcher: Muhammad Daffa

Most And Least Read Posts Widget <=2.5.16 - Authenticated(Contributor+) SQL Injection via Widget settings

8.8

CVE-2023-52133

Dec 28, 2023

Researcher: Muhammad Daffa

BookingPress <= 1.0.72 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2023-50841

Dec 21, 2023

Researcher: Ngô Thiên An (ancorn_)

MF Gig Calendar <=1.2.1 - Authenticated(Contributor+) SQL Injection

8.8

CVE-2023-50842

Dec 21, 2023

Researcher: Abu Hurayra

Booking Manager <= 2.1.5 - Authenticated(Contributor+) SQL Injection via Shortcode

8.8

CVE-2023-50840

Dec 21, 2023

Researcher: Ngô Thiên An (ancorn_)

Title	CVE ID	CVSS	Researchers	Date
ARMember <= 3.4.11 - Unauthenticated SQL Injection	CVE-2022-46808	9.8	Le Ngoc Anh	March 27, 2023
Be POPIA Compliant <= 1.2.0 - Authenticated (Subscriber+) SQL Injection	CVE-2022-47445	9.8	TEAM WEBoB of BoB 11th	March 15, 2023
Zendrop – Global Dropshipping <= 1.0.0 - SQL Injection in setMetaData	CVE-2023-25960	9.8	Dave Jong	February 24, 2023
10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection via Multiple Parameters	CVE-2023-0037	9.8	Daniel Krohmer, Kunal Sharma	February 20, 2023
GamiPress <= 2.5.7 - Unauthenticated SQL Injection	CVE-2023-24000	9.8	Dave Jong	February 14, 2023
LearnPress <= 4.1.7.3.2 - Unauthenticated SQL Injection	CVE-2022-45808	9.8	Fadilah Agung Nugraha	January 20, 2023
FL3R FeelBox <= 8.1 - Unauthenticated SQL Injection	CVE-2022-4445	9.8	cydave	January 20, 2023
GiveWP <= 2.23.2 - Unauthenticated SQL Injection	CVE-2023-0224	9.8		January 19, 2023
MainWP Broken Link Checker <= 4.0 - Unauthenticated SQL Injection	CVE-2023-23737	9.8	Dave Jong	January 18, 2023
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection	CVE-2023-23488	9.8	Joshua Martinelle	January 12, 2023
Easy Digital Downloads < 3.1.0.4 - SQL Injection	CVE-2023-23489	9.8	Joshua Martinelle	January 12, 2023
Hide My WP < 6.2.9 - Unauthenticated SQL Injection	CVE-2022-4681	9.8	Xenofon Vassilakopoulos	January 11, 2023
10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection		9.8		January 11, 2023
Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection	CVE-2022-47588	9.1	minhtuanact	January 27, 2023
Recipe Maker For Your Food Blog from Zip Recipes <= 8.1.0 - Authenticated(Contributor+) SQL Injection	CVE-2023-52180	8.8	Muhammad Daffa	December 29, 2023
Events Shortcodes & Templates For The Events Calendar <= 2.3.1 - Authenticated (Contributor+) SQL Injection via shortcode	CVE-2023-52142	8.8	Muhammad Daffa	December 28, 2023
Most And Least Read Posts Widget <=2.5.16 - Authenticated(Contributor+) SQL Injection via Widget settings	CVE-2023-52133	8.8	Muhammad Daffa	December 28, 2023
BookingPress <= 1.0.72 - Authenticated (Contributor+) SQL Injection	CVE-2023-50841	8.8	Ngô Thiên An (ancorn_)	December 21, 2023
MF Gig Calendar <=1.2.1 - Authenticated(Contributor+) SQL Injection	CVE-2023-50842	8.8	Abu Hurayra	December 21, 2023
Booking Manager <= 2.1.5 - Authenticated(Contributor+) SQL Injection via Shortcode	CVE-2023-50840	8.8	Ngô Thiên An (ancorn_)	December 21, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation