Wordfence Intelligence   >   Search Results

Showing 61-80 of 410 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.
Dynamically Register Sidebars <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-31091
Apr 24, 2023
Researcher: Pavitra Tiwari
Advanced Youtube Channel Pagination <= 1.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
5.5
CVE-2023-28693
Apr 24, 2023
Researcher: qilin_99
Simple Giveaways <= 2.46 - Cross-Site Request Forgery
5.4
CVE-2023-31086
Apr 24, 2023
Researcher: Mika
XML for Google Merchant Center <= 3.0.1 - Reflected Cross-Site Scripting via page parameter
6.1
CVE-2023-30877
Apr 24, 2023
Researcher: LEE SE HYOUNG
BSK Forms Blacklist <= 3.6.2 - Authenticated (Administrator+) SQL Injection via 'order' and 'orderby'
7.2
CVE-2023-30872
Apr 24, 2023
Researcher: TomS
Arconix Shortcodes <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
6.4
CVE-2023-23703
Apr 24, 2023
Researcher: István Márton
WP Page Numbers <= 0.5 - Cross-Site Request Forgery via wp_page_numbers_settings
4.3
CVE-2023-27623
Apr 24, 2023
Researcher: Abdi Pranata
NS Coupon to Become Customer <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-27422
Apr 24, 2023
Researcher: Pavitra Tiwari
Advanced Youtube Channel Pagination <= 1.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
5.5
CVE-2023-28693
Apr 24, 2023
Researcher: qilin_99
Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated (Subscriber+) SQL Injection via id
8.8
CVE-2023-30495
Apr 24, 2023
Researcher: Ivy (TOOR, Lisa)
Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions
7.1
CVE-2023-27424
Apr 24, 2023
Researcher: Mika
WP Visitor Statistics (Real Time Traffic) <= 6.8.1 - Unauthenticated SQL Injection
9.8
CVE-2023-0600
Apr 24, 2023
Researcher: Trần Quốc Trường An
Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'
6.6
CVE-2023-0329
Apr 24, 2023
Researcher: Sanjay Das
Push Notifications for WordPress by PushAssist <= 3.0.8 - Reflected Cross-Site Scripting
6.1
CVE-2023-0644
Apr 24, 2023
Researcher: Shreya Pohekar
Stock Sync for WooCommerce <= 2.4.0 - Reflected Cross-Site Scripting via page parameter
6.1
CVE-2023-31094
Apr 24, 2023
Researcher: Ivy (TOOR, Lisa)
Tippy <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tippy shortcode
6.4
CVE-2023-31079
Apr 24, 2023
Researcher: Mika
Advanced Category Template <= 0.1 - Stored Cross-Site Scripting via Cross-Site Request Forgery in _form.php
6.1
CVE-2023-31072
Apr 24, 2023
Researcher: minhtuanact
Zip Recipes <= 8.0.6 - Reflected Cross-Site Scripting via 's' parameter
6.1
CVE-2023-31076
Apr 24, 2023
Researcher: thiennv
Decon WP SMS <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-27416
Apr 24, 2023
Researcher: Pavitra Tiwari
Ninja Forms Contact Form <= 3.6.21 - Reflected Cross-Site Scripting via 'title'
6.1
CVE-2023-1835
Apr 24, 2023
Researcher: Erwan LR
Title CVE ID CVSS Researchers Date
Dynamically Register Sidebars <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-31091 4.4 Pavitra Tiwari April 24, 2023
Advanced Youtube Channel Pagination <= 1.0 - Authenticated(Administrator+) Stored Cross-Site Scripting CVE-2023-28693 5.5 qilin_99 April 24, 2023
Simple Giveaways <= 2.46 - Cross-Site Request Forgery CVE-2023-31086 5.4 Mika April 24, 2023
XML for Google Merchant Center <= 3.0.1 - Reflected Cross-Site Scripting via page parameter CVE-2023-30877 6.1 LEE SE HYOUNG April 24, 2023
BSK Forms Blacklist <= 3.6.2 - Authenticated (Administrator+) SQL Injection via 'order' and 'orderby' CVE-2023-30872 7.2 TomS April 24, 2023
Arconix Shortcodes <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2023-23703 6.4 István Márton April 24, 2023
WP Page Numbers <= 0.5 - Cross-Site Request Forgery via wp_page_numbers_settings CVE-2023-27623 4.3 Abdi Pranata April 24, 2023
NS Coupon to Become Customer <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-27422 4.4 Pavitra Tiwari April 24, 2023
Advanced Youtube Channel Pagination <= 1.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting CVE-2023-28693 5.5 qilin_99 April 24, 2023
Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated (Subscriber+) SQL Injection via id CVE-2023-30495 8.8 Ivy (TOOR, Lisa) April 24, 2023
Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions CVE-2023-27424 7.1 Mika April 24, 2023
WP Visitor Statistics (Real Time Traffic) <= 6.8.1 - Unauthenticated SQL Injection CVE-2023-0600 9.8 Trần Quốc Trường An April 24, 2023
Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls' CVE-2023-0329 6.6 Sanjay Das April 24, 2023
Push Notifications for WordPress by PushAssist <= 3.0.8 - Reflected Cross-Site Scripting CVE-2023-0644 6.1 Shreya Pohekar April 24, 2023
Stock Sync for WooCommerce <= 2.4.0 - Reflected Cross-Site Scripting via page parameter CVE-2023-31094 6.1 Ivy (TOOR, Lisa) April 24, 2023
Tippy <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tippy shortcode CVE-2023-31079 6.4 Mika April 24, 2023
Advanced Category Template <= 0.1 - Stored Cross-Site Scripting via Cross-Site Request Forgery in _form.php CVE-2023-31072 6.1 minhtuanact April 24, 2023
Zip Recipes <= 8.0.6 - Reflected Cross-Site Scripting via 's' parameter CVE-2023-31076 6.1 thiennv April 24, 2023
Decon WP SMS <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-27416 4.4 Pavitra Tiwari April 24, 2023
Ninja Forms Contact Form <= 3.6.21 - Reflected Cross-Site Scripting via 'title' CVE-2023-1835 6.1 Erwan LR April 24, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation