Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 41-60 of 410 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

Help Desk WP <= 1.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting

7.2

CVE-2023-1019

Apr 19, 2023

Researcher: Ameen Alkurdy

Shortcode IMDB <= 6.0.8 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-47432

Apr 19, 2023

Researcher: minhtuanact

The School Management – Education & Learning Management <= 4.1 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-47430

Apr 19, 2023

Researcher: minhtuanact

Ad Inserter <= 2.7.25 - Authenticated (Admin+) PHP Object Injection

7.2

CVE-2023-1549

Apr 19, 2023

Researcher: Nguyen Huu Do

WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-4712

Apr 19, 2023

Researcher: Ram

Video List Manager <= 1.7 - Authenticated (Admin+) SQL Injection

7.2

CVE-2023-1408

Apr 17, 2023

Researchers: zhangyunpei, Yeting Li VARAS@IIE

NEX-Forms <= 8.3.3 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-2114

Apr 17, 2023

Researcher: Alexander Schmid

Paytm Payment Donation <= 2.2.0 - Reflected Cross-Site Scripting

7.2

CVE-2023-28535

Apr 14, 2023

Researcher: qilin_99

WP Reroute Email <= 1.4.6 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-27605

Apr 14, 2023

Researcher: Mika

Landing Page Builder – Free Landing Page Templates <= 3.1.9.8 - Local File Inclusion via 'lpp_template_select'

7.2

CVE-2023-24379

Apr 13, 2023

Researcher: yuyudhn

Neshan Maps <= 1.1.4 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-47426

Apr 13, 2023

Researchers:

Limit Login Attempts <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-1912

Apr 6, 2023

Researcher: Marco Wotschka

ShiftController Employee Shift Scheduling <= 4.9.23 - Unauthenticated Stored Cross-Site Scripting via 'hc-title'

7.2

CVE-2023-29424

Apr 6, 2023

Researcher: thiennv

Transbank Webpay REST <= 1.6.6 - Authenticated (Administrator+) SQL Injection via orderby

7.2

CVE-2023-27610

Apr 6, 2023

Researcher: Mika

Zyrex Popup <= 1.0 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2023-0924

Apr 4, 2023

Researcher: Yogesh Verma

Ajax Search Lite <= 4.11 - Reflected Cross-Site Scripting

7.2

CVE-2023-1420

Apr 3, 2023

Researcher: Erwan LR

Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-0899

Apr 3, 2023

Researchers: Simone Onofri, Donato Onofri

CopySafe Web Protection <= 3.13 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-29098

Apr 3, 2023

Researcher: Elliot

Magic Post Thumbnail <= 4.1.10 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-29171

Apr 3, 2023

Researcher: minhtuanact

Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions

7.1

CVE-2023-27424

Apr 24, 2023

Researcher: Mika

Title	CVE ID	CVSS	Researchers	Date
Help Desk WP <= 1.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2023-1019	7.2	Ameen Alkurdy	April 19, 2023
Shortcode IMDB <= 6.0.8 - Authenticated (Administrator+) SQL Injection	CVE-2022-47432	7.2	minhtuanact	April 19, 2023
The School Management – Education & Learning Management <= 4.1 - Authenticated (Administrator+) SQL Injection	CVE-2022-47430	7.2	minhtuanact	April 19, 2023
Ad Inserter <= 2.7.25 - Authenticated (Admin+) PHP Object Injection	CVE-2023-1549	7.2	Nguyen Huu Do	April 19, 2023
WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-4712	7.2	Ram	April 19, 2023
Video List Manager <= 1.7 - Authenticated (Admin+) SQL Injection	CVE-2023-1408	7.2	zhangyunpei, Yeting Li VARAS@IIE	April 17, 2023
NEX-Forms <= 8.3.3 - Authenticated (Administrator+) SQL Injection	CVE-2023-2114	7.2	Alexander Schmid	April 17, 2023
Paytm Payment Donation <= 2.2.0 - Reflected Cross-Site Scripting	CVE-2023-28535	7.2	qilin_99	April 14, 2023
WP Reroute Email <= 1.4.6 - Authenticated (Administrator+) SQL Injection	CVE-2023-27605	7.2	Mika	April 14, 2023
Landing Page Builder – Free Landing Page Templates <= 3.1.9.8 - Local File Inclusion via 'lpp_template_select'	CVE-2023-24379	7.2	yuyudhn	April 13, 2023
Neshan Maps <= 1.1.4 - Authenticated (Administrator+) SQL Injection	CVE-2022-47426	7.2		April 13, 2023
Limit Login Attempts <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-1912	7.2	Marco Wotschka	April 6, 2023
ShiftController Employee Shift Scheduling <= 4.9.23 - Unauthenticated Stored Cross-Site Scripting via 'hc-title'	CVE-2023-29424	7.2	thiennv	April 6, 2023
Transbank Webpay REST <= 1.6.6 - Authenticated (Administrator+) SQL Injection via orderby	CVE-2023-27610	7.2	Mika	April 6, 2023
Zyrex Popup <= 1.0 - Authenticated (Admin+) Arbitrary File Upload	CVE-2023-0924	7.2	Yogesh Verma	April 4, 2023
Ajax Search Lite <= 4.11 - Reflected Cross-Site Scripting	CVE-2023-1420	7.2	Erwan LR	April 3, 2023
Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-0899	7.2	Simone Onofri, Donato Onofri	April 3, 2023
CopySafe Web Protection <= 3.13 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-29098	7.2	Elliot	April 3, 2023
Magic Post Thumbnail <= 4.1.10 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-29171	7.2	minhtuanact	April 3, 2023
Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions	CVE-2023-27424	7.1	Mika	April 24, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation