Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 81-100 of 453 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

Welcart e-Commerce <= 2.8.10 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-22705

Jan 27, 2023

Researcher: Le Ngoc Anh

bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting

7.2

CVE-2023-24403

Jan 27, 2023

Researcher: Rio Darmawan

Limit Login Attempts Plus <= 1.0.9 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE ID Unknown

Jan 27, 2023

Researchers:

RapidLoad Power-Up for Autoptimize <= 1.6.35 - Authenticated (Subscriber+) SQL Injection

7.2

CVE-2022-47593

Jan 20, 2023

Researcher: Le Ngoc Anh

Quick Event Manager <= 9.7.4 - Unauthenticated Stored Cross Site Scripting

7.2

CVE-2023-23979

Jan 20, 2023

Researcher: yuyudhn

Mapwiz <= 1.0.1 - Authenticated (Admin+) SQL Injection

7.2

CVE-2022-4546

Jan 19, 2023

Researchers: Kunal Sharma, Daniel Krohmer

WP-TopBar <= 5.36 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-23824

Jan 19, 2023

Researcher: thiennv

teachPress <= 8.1.8 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-22704

Jan 17, 2023

Researcher: Nguyen Xuan Chien

SiteGround Security <= 1.3.0 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-0234

Jan 13, 2023

Researcher: So Sakaguchi

Custom 404 Pro <= 3.7.0 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-47605

Jan 13, 2023

Researcher: minhtuanact

MagicForm <= 0.1 - Cross-Site Scripting

7.2

CVE-2022-47592

Jan 13, 2023

Researcher: minhtuanact

Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection

7.2

CVE-2023-0254

Jan 12, 2023

Researcher: Etan Imanol Castro Aldrete

HUSKY – Products Filter for WooCommerce Professional <= 1.3.1 - Authenticated (Admin+) PHP Object Injection

7.2

CVE-2022-4489

Jan 11, 2023

Researcher: thinhnguyen1337

Survey Maker – Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-0038

Jan 3, 2023

Researcher: Chloe Chamberland

Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection

7.2

CVE-2022-4323

Jan 2, 2023

Researcher: thinhnguyen1337

WP Private Message < 1.0.6 - Insecure Direct Object Reference

7.1

CVE-2023-0453

Jan 30, 2023

Researcher: Veshraj Ghimire

Material Design Icons for Page Builders <= 1.4.2 - Cross-Site Request Forgery

7.1

CVE-2023-24382

Jan 23, 2023

Researcher: István Márton

Pods <= 2.9.10.2 - Cross-Site Request Forgery

7.1

CVE-2023-23790

Jan 20, 2023

Researcher: Rafshanzani Suhada

MainWP Post Dripper Extension <= 4.0.4 - Missing Authorization to Arbitrary Page/Post Deletion

7.1

CVE-2023-23661

Jan 17, 2023

Researcher: Dave Jong

MainWP Post Plus Extension <= 4.0.3 - Missing Authorization to Arbitrary Page/Post Deletion

7.1

CVE-2023-23666

Jan 17, 2023

Researcher: Dave Jong

Title	CVE ID	CVSS	Researchers	Date
Welcart e-Commerce <= 2.8.10 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-22705	7.2	Le Ngoc Anh	January 27, 2023
bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-24403	7.2	Rio Darmawan	January 27, 2023
Limit Login Attempts Plus <= 1.0.9 - Unauthenticated Stored Cross-Site Scripting		7.2		January 27, 2023
RapidLoad Power-Up for Autoptimize <= 1.6.35 - Authenticated (Subscriber+) SQL Injection	CVE-2022-47593	7.2	Le Ngoc Anh	January 20, 2023
Quick Event Manager <= 9.7.4 - Unauthenticated Stored Cross Site Scripting	CVE-2023-23979	7.2	yuyudhn	January 20, 2023
Mapwiz <= 1.0.1 - Authenticated (Admin+) SQL Injection	CVE-2022-4546	7.2	Kunal Sharma, Daniel Krohmer	January 19, 2023
WP-TopBar <= 5.36 - Authenticated (Administrator+) SQL Injection	CVE-2023-23824	7.2	thiennv	January 19, 2023
teachPress <= 8.1.8 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-22704	7.2	Nguyen Xuan Chien	January 17, 2023
SiteGround Security <= 1.3.0 - Authenticated (Administrator+) SQL Injection	CVE-2023-0234	7.2	So Sakaguchi	January 13, 2023
Custom 404 Pro <= 3.7.0 - Authenticated (Administrator+) SQL Injection	CVE-2022-47605	7.2	minhtuanact	January 13, 2023
MagicForm <= 0.1 - Cross-Site Scripting	CVE-2022-47592	7.2	minhtuanact	January 13, 2023
Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection	CVE-2023-0254	7.2	Etan Imanol Castro Aldrete	January 12, 2023
HUSKY – Products Filter for WooCommerce Professional <= 1.3.1 - Authenticated (Admin+) PHP Object Injection	CVE-2022-4489	7.2	thinhnguyen1337	January 11, 2023
Survey Maker – Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-0038	7.2	Chloe Chamberland	January 3, 2023
Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection	CVE-2022-4323	7.2	thinhnguyen1337	January 2, 2023
WP Private Message < 1.0.6 - Insecure Direct Object Reference	CVE-2023-0453	7.1	Veshraj Ghimire	January 30, 2023
Material Design Icons for Page Builders <= 1.4.2 - Cross-Site Request Forgery	CVE-2023-24382	7.1	István Márton	January 23, 2023
Pods <= 2.9.10.2 - Cross-Site Request Forgery	CVE-2023-23790	7.1	Rafshanzani Suhada	January 20, 2023
MainWP Post Dripper Extension <= 4.0.4 - Missing Authorization to Arbitrary Page/Post Deletion	CVE-2023-23661	7.1	Dave Jong	January 17, 2023
MainWP Post Plus Extension <= 4.0.3 - Missing Authorization to Arbitrary Page/Post Deletion	CVE-2023-23666	7.1	Dave Jong	January 17, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation