Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 61-80 of 410 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-1207

Apr 24, 2023

Researcher: qerogram

Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'

6.6

CVE-2023-0329

Apr 24, 2023

Researcher: Sanjay Das

SEOPress <= 6.5.0.2 - Authenticated (Administrator+) PHP Object Injection

6.6

CVE-2023-1669

Apr 5, 2023

Researcher: Nguyen Huu Do

Amr Ical Events Lists <= 6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

6.6

CVE-2023-1021

Apr 4, 2023

Researcher: Shreya Pohekar

Display custom fields in the frontend – Post and User Profile Fields <= 1.2.0 - Missing Authorization via vg_display_data shortcode

6.5

CVE-2023-31073

Apr 24, 2023

Researcher: Yuki Haruma

Ebook Store <= 5.775 - Missing Authorization via ebook_store_export_orders

6.5

CVE-2023-22701

Apr 19, 2023

Researcher: yuyudhn

ReviewX <= 1.6.7 - Unauthenticated CSV Injection

6.5

CVE-2022-46809

Apr 13, 2023

Researcher: Mika

Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.2 - Missing Authorization

6.5

CVE-2023-30479

Apr 13, 2023

Researcher: Fariq Fadillah Gusti Insani (fariqfgi)

ChatBot <= 4.4.8 - Unauthenticated Stored Cross-Site Scripting in Admin Dashboard

6.5

CVE-2023-1660

Apr 12, 2023

Researcher: Erwan LR

Front End Users <= 3.2.24 - Missing Authorization to Unauthenticated Registered User Deletion

6.5

CVE ID Unknown

Apr 7, 2023

Researchers:

YourChannel <= 1.2.3 - Missing Authorization to Plugin Settings Reset

6.5

CVE-2023-1865

Apr 5, 2023

Researcher: Marco Wotschka

YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset

6.5

CVE-2023-1868

Apr 5, 2023

Researcher: Marco Wotschka

Premmerce <= 1.3.18 - Cross-Site Request Forgery via runAction

6.5

CVE-2023-23719

Apr 2, 2023

Researcher: István Márton

Plugins List <= 2.5 - Authenticated (Author+) Stored Cross-Site Scripting via replace_plugin_list_tags

6.4

CVE-2023-31232

Apr 28, 2023

Researcher: Yuki Haruma

User IP and Location <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-30780

Apr 28, 2023

Researcher: deokhunKim

ClickFunnels <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4782

Apr 26, 2023

Researcher: István Márton

URL Params <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-0274

Apr 25, 2023

Researcher: István Márton

REST API TO MiniProgram <= 4.6.8 - Authenticated (Subscriber+) Media Attachment Deletion

6.4

CVE-2023-0551

Apr 25, 2023

Researcher: István Márton

Progress Bar <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppb shortcode

6.4

CVE-2023-23699

Apr 24, 2023

Researcher: yuyudhn

Arconix Shortcodes <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-23703

Apr 24, 2023

Researcher: István Márton

Title	CVE ID	CVSS	Researchers	Date
HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection	CVE-2023-1207	6.6	qerogram	April 24, 2023
Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls'	CVE-2023-0329	6.6	Sanjay Das	April 24, 2023
SEOPress <= 6.5.0.2 - Authenticated (Administrator+) PHP Object Injection	CVE-2023-1669	6.6	Nguyen Huu Do	April 5, 2023
Amr Ical Events Lists <= 6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-1021	6.6	Shreya Pohekar	April 4, 2023
Display custom fields in the frontend – Post and User Profile Fields <= 1.2.0 - Missing Authorization via vg_display_data shortcode	CVE-2023-31073	6.5	Yuki Haruma	April 24, 2023
Ebook Store <= 5.775 - Missing Authorization via ebook_store_export_orders	CVE-2023-22701	6.5	yuyudhn	April 19, 2023
ReviewX <= 1.6.7 - Unauthenticated CSV Injection	CVE-2022-46809	6.5	Mika	April 13, 2023
Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.2 - Missing Authorization	CVE-2023-30479	6.5	Fariq Fadillah Gusti Insani (fariqfgi)	April 13, 2023
ChatBot <= 4.4.8 - Unauthenticated Stored Cross-Site Scripting in Admin Dashboard	CVE-2023-1660	6.5	Erwan LR	April 12, 2023
Front End Users <= 3.2.24 - Missing Authorization to Unauthenticated Registered User Deletion		6.5		April 7, 2023
YourChannel <= 1.2.3 - Missing Authorization to Plugin Settings Reset	CVE-2023-1865	6.5	Marco Wotschka	April 5, 2023
YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset	CVE-2023-1868	6.5	Marco Wotschka	April 5, 2023
Premmerce <= 1.3.18 - Cross-Site Request Forgery via runAction	CVE-2023-23719	6.5	István Márton	April 2, 2023
Plugins List <= 2.5 - Authenticated (Author+) Stored Cross-Site Scripting via replace_plugin_list_tags	CVE-2023-31232	6.4	Yuki Haruma	April 28, 2023
User IP and Location <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-30780	6.4	deokhunKim	April 28, 2023
ClickFunnels <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4782	6.4	István Márton	April 26, 2023
URL Params <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0274	6.4	István Márton	April 25, 2023
REST API TO MiniProgram <= 4.6.8 - Authenticated (Subscriber+) Media Attachment Deletion	CVE-2023-0551	6.4	István Márton	April 25, 2023
Progress Bar <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppb shortcode	CVE-2023-23699	6.4	yuyudhn	April 24, 2023
Arconix Shortcodes <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-23703	6.4	István Márton	April 24, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation