Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 301-320 of 410 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

Product Catalog Feed by PixelYourSite <= 2.1.0 - Reflected Cross-Site Scripting via 'page'

6.1

CVE-2023-1805

Apr 10, 2023

Researcher: Erwan LR

Limit Login Attempts <= 1.7.1 - Authenticated(Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2023-1861

Apr 10, 2023

Researcher: Marc-Alexandre Montpas

SupportCandy <= 3.1.4 - Unauthenticated SQL Injection via parse_user_filters

9.8

CVE-2023-1730

Apr 10, 2023

Researcher: dc11

MC Woocommerce Wishlist <= 1.5.4 - Cross-Site Request Forgery

4.3

CVE ID Unknown

Apr 10, 2023

Researchers:

Download Manager Pro <= 6.2.9 - Unauthenticated Information Disclosure

5.3

CVE-2023-1809

Apr 10, 2023

Researcher: Johan Kragt

a3 Portfolio <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVE-2023-29097

Apr 10, 2023

Researcher: Yuki Haruma

Blocksy Companion <= 1.8.81 - Authenticated(Subscriber+) Sensitive Information Exposure via blocksy_posts shortcode

4.3

CVE-2023-1911

Apr 10, 2023

Researcher: Erwan LR

Better Search <= 3.1.0 - Cross-Site Request Forgery

4.3

CVE ID Unknown

Apr 10, 2023

Researchers:

Product Catalog Feed by PixelYourSite <= 2.1.0 - Reflected Cross-Site Scripting via 'edit'

6.1

CVE-2023-1804

Apr 10, 2023

Researcher: Maurice Fielenbach

Ruby Help Desk <= 1.3.3 - Missing Authorization to Arbitrary Ticket Modification

4.3

CVE-2023-1125

Apr 10, 2023

Researcher: Ameen Alkurdy

Front End Users <= 3.2.24 - Cross-Site Request Forgery

4.3

CVE-2023-34005

Apr 7, 2023

Researcher: thiennv

PixTypes <= 1.4.14 - Cross-Site Request Forgery

4.3

CVE-2023-25487

Apr 7, 2023

Researcher: Mika

Comments Ratings <= 1.1.6 - Cross-Site Request Forgery

4.3

CVE-2023-23704

Apr 7, 2023

Researcher: yuyudhn

Front End Users <= 3.2.24 - Missing Authorization to Unauthenticated Registered User Deletion

6.5

CVE ID Unknown

Apr 7, 2023

Researchers:

Email Subscription Popup <= 1.2.16 - Reflected Cross-Site Scripting

6.1

CVE-2023-30489

Apr 7, 2023

Researcher: minhtuanact

Simple Job Board <= 2.10.3 - Cross-Site Request Forgery via sjb_save_settings_section

4.3

CVE-2023-29440

Apr 7, 2023

Researcher: Rafshanzani Suhada

Dynamics 365 Integration <= 1.3.13 - Missing Authorization via init

4.3

CVE-2023-29422

Apr 6, 2023

Researcher: minhtuanact

WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback'

4.3

CVE-2023-1919

Apr 6, 2023

Researcher: Marco Wotschka

WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_clear_cache_of_allsites_callback'

4.3

CVE-2023-1925

Apr 6, 2023

Researcher: Marco Wotschka

Tiny carousel horizontal slider plus <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-24418

Apr 6, 2023

Researcher: yuyudhn

Title	CVE ID	CVSS	Researchers	Date
Product Catalog Feed by PixelYourSite <= 2.1.0 - Reflected Cross-Site Scripting via 'page'	CVE-2023-1805	6.1	Erwan LR	April 10, 2023
Limit Login Attempts <= 1.7.1 - Authenticated(Subscriber+) Stored Cross-Site Scripting	CVE-2023-1861	6.4	Marc-Alexandre Montpas	April 10, 2023
SupportCandy <= 3.1.4 - Unauthenticated SQL Injection via parse_user_filters	CVE-2023-1730	9.8	dc11	April 10, 2023
MC Woocommerce Wishlist <= 1.5.4 - Cross-Site Request Forgery		4.3		April 10, 2023
Download Manager Pro <= 6.2.9 - Unauthenticated Information Disclosure	CVE-2023-1809	5.3	Johan Kragt	April 10, 2023
a3 Portfolio <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting	CVE-2023-29097	6.4	Yuki Haruma	April 10, 2023
Blocksy Companion <= 1.8.81 - Authenticated(Subscriber+) Sensitive Information Exposure via blocksy_posts shortcode	CVE-2023-1911	4.3	Erwan LR	April 10, 2023
Better Search <= 3.1.0 - Cross-Site Request Forgery		4.3		April 10, 2023
Product Catalog Feed by PixelYourSite <= 2.1.0 - Reflected Cross-Site Scripting via 'edit'	CVE-2023-1804	6.1	Maurice Fielenbach	April 10, 2023
Ruby Help Desk <= 1.3.3 - Missing Authorization to Arbitrary Ticket Modification	CVE-2023-1125	4.3	Ameen Alkurdy	April 10, 2023
Front End Users <= 3.2.24 - Cross-Site Request Forgery	CVE-2023-34005	4.3	thiennv	April 7, 2023
PixTypes <= 1.4.14 - Cross-Site Request Forgery	CVE-2023-25487	4.3	Mika	April 7, 2023
Comments Ratings <= 1.1.6 - Cross-Site Request Forgery	CVE-2023-23704	4.3	yuyudhn	April 7, 2023
Front End Users <= 3.2.24 - Missing Authorization to Unauthenticated Registered User Deletion		6.5		April 7, 2023
Email Subscription Popup <= 1.2.16 - Reflected Cross-Site Scripting	CVE-2023-30489	6.1	minhtuanact	April 7, 2023
Simple Job Board <= 2.10.3 - Cross-Site Request Forgery via sjb_save_settings_section	CVE-2023-29440	4.3	Rafshanzani Suhada	April 7, 2023
Dynamics 365 Integration <= 1.3.13 - Missing Authorization via init	CVE-2023-29422	4.3	minhtuanact	April 6, 2023
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback'	CVE-2023-1919	4.3	Marco Wotschka	April 6, 2023
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_clear_cache_of_allsites_callback'	CVE-2023-1925	4.3	Marco Wotschka	April 6, 2023
Tiny carousel horizontal slider plus <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-24418	4.4	yuyudhn	April 6, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation