Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 361-380 of 410 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

SimpleModal Contact Form (SMCF) <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-29438

Apr 6, 2023

Researcher: Rio Darmawan

Maps Widget for Google Maps <= 4.24 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-1913

Apr 6, 2023

Researcher: Marco Wotschka

Hustle <= 7.6.4 = Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE ID Unknown

Apr 6, 2023

Researchers:

Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Cross-Site Request Forgery via spbsmAjax

4.3

CVE ID Unknown

Apr 6, 2023

Researcher: Abdi Pranata

YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update

4.3

CVE-2023-1870

Apr 5, 2023

Researcher: Marco Wotschka

Product Feed PRO for WooCommerce <= 12.4.4 - Cross-Site Request Forgery

4.3

CVE ID Unknown

Apr 5, 2023

Researchers:

WCFM Frontend Manager <= 6.6.0 - Missing Authorization

6.3

CVE-2022-4937

Apr 5, 2023

Researcher: Chloe Chamberland

Fancy Product Designer <= 4.6.9 - Insufficient Authorization to Arbitrary Options Update via fpd_update_options

8.8

CVE-2021-4334

Apr 5, 2023

Researcher: Ram

YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Reset

5.4

CVE-2023-1871

Apr 5, 2023

Researcher: Marco Wotschka

SEOPress <= 6.5.0.2 - Authenticated (Administrator+) PHP Object Injection

6.6

CVE-2023-1669

Apr 5, 2023

Researcher: Nguyen Huu Do

WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation

9.8

CVE-2022-4939

Apr 5, 2023

Researcher: Chloe Chamberland

YourChannel <= 1.2.3 - Missing Authorization to Plugin Settings Reset

6.5

CVE-2023-1865

Apr 5, 2023

Researcher: Marco Wotschka

WCFM Membership <= 2.9.10 - Cross-Site Request Forgery

6.3

CVE-2022-4941

Apr 5, 2023

Researcher: Chloe Chamberland

Stagtools <= 2.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-0891

Apr 5, 2023

Researcher: xplo1t

YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset

5.4

CVE-2023-1866

Apr 5, 2023

Researcher: Marco Wotschka

YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Settings Change

5.4

CVE-2023-1867

Apr 5, 2023

Researcher: Marco Wotschka

YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset

6.5

CVE-2023-1868

Apr 5, 2023

Researcher: Marco Wotschka

Weaver Xtreme Theme <= 5.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name

6.4

CVE-2023-1403

Apr 5, 2023

Researcher: Ram

WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery

6.3

CVE-2022-4936

Apr 5, 2023

Researcher: Chloe Chamberland

Site Reviews <= 6.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-1525

Apr 5, 2023

Researcher: Shreya Pohekar

Title	CVE ID	CVSS	Researchers	Date
SimpleModal Contact Form (SMCF) <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-29438	4.4	Rio Darmawan	April 6, 2023
Maps Widget for Google Maps <= 4.24 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-1913	4.4	Marco Wotschka	April 6, 2023
Hustle <= 7.6.4 = Authenticated (Administrator+) Stored Cross-Site Scripting		4.4		April 6, 2023
Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Cross-Site Request Forgery via spbsmAjax		4.3	Abdi Pranata	April 6, 2023
YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update	CVE-2023-1870	4.3	Marco Wotschka	April 5, 2023
Product Feed PRO for WooCommerce <= 12.4.4 - Cross-Site Request Forgery		4.3		April 5, 2023
WCFM Frontend Manager <= 6.6.0 - Missing Authorization	CVE-2022-4937	6.3	Chloe Chamberland	April 5, 2023
Fancy Product Designer <= 4.6.9 - Insufficient Authorization to Arbitrary Options Update via fpd_update_options	CVE-2021-4334	8.8	Ram	April 5, 2023
YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Reset	CVE-2023-1871	5.4	Marco Wotschka	April 5, 2023
SEOPress <= 6.5.0.2 - Authenticated (Administrator+) PHP Object Injection	CVE-2023-1669	6.6	Nguyen Huu Do	April 5, 2023
WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation	CVE-2022-4939	9.8	Chloe Chamberland	April 5, 2023
YourChannel <= 1.2.3 - Missing Authorization to Plugin Settings Reset	CVE-2023-1865	6.5	Marco Wotschka	April 5, 2023
WCFM Membership <= 2.9.10 - Cross-Site Request Forgery	CVE-2022-4941	6.3	Chloe Chamberland	April 5, 2023
Stagtools <= 2.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-0891	6.4	xplo1t	April 5, 2023
YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset	CVE-2023-1866	5.4	Marco Wotschka	April 5, 2023
YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Settings Change	CVE-2023-1867	5.4	Marco Wotschka	April 5, 2023
YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset	CVE-2023-1868	6.5	Marco Wotschka	April 5, 2023
Weaver Xtreme Theme <= 5.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name	CVE-2023-1403	6.4	Ram	April 5, 2023
WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery	CVE-2022-4936	6.3	Chloe Chamberland	April 5, 2023
Site Reviews <= 6.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-1525	4.4	Shreya Pohekar	April 5, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation