Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 161-180 of 195 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

ARMember <= 3.4.11 - Unauthenticated SQL Injection

9.8

CVE-2022-46808

Mar 27, 2023

Researcher: Le Ngoc Anh

WooCommerce Payments 4.8.0 - 5.6.1 Authentication Bypass and Privilege Escalation

9.8

CVE-2023-28121

Mar 23, 2023

Researcher: mikemyers

Lead Generated <= 1.23 - Unauthenticated PHP Object Injection

9.8

CVE-2023-28667

Mar 20, 2023

Researcher: Joshua Martinelle

Be POPIA Compliant <= 1.2.0 - Authenticated (Subscriber+) SQL Injection

9.8

CVE-2022-47445

Mar 15, 2023

Researcher: TEAM WEBoB of BoB 11th

LeadSnap <= 1.23 - Unauthenticated PHP Object Injection via AJAX

9.8

CVE ID Unknown

Mar 10, 2023

Researchers:

Houzez <= 2.7.1 - Privilege Escalation

9.8

CVE-2023-26540

Feb 27, 2023

Researcher: Dave Jong

Zendrop – Global Dropshipping <= 1.0.0 - SQL Injection in setMetaData

9.8

CVE-2023-25960

Feb 24, 2023

Researcher: Dave Jong

Zendrop – Global Dropshipping <= 1.0.0 - Arbitrary File Upload

9.8

CVE-2023-25970

Feb 24, 2023

Researcher: Dave Jong

Houzez Login Register <= 2.6.3 - Privilege Escalation

9.8

CVE-2023-26009

Feb 23, 2023

Researcher: Dave Jong

Live Streaming - Broadcast Live Video <= 5.5.15 - Missing Authorization to Unauthenticated Remote Code Execution

9.1

CVE-2023-25699

Feb 20, 2023

Researcher: minhtuanact

10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection via Multiple Parameters

9.8

CVE-2023-0037

Feb 20, 2023

Researchers: Daniel Krohmer, Kunal Sharma

GamiPress <= 2.5.7 - Unauthenticated SQL Injection

9.8

CVE-2023-24000

Feb 14, 2023

Researcher: Dave Jong

WatchTowerHQ <= 3.6.16 - Type Juggling to Authentication Bypass in check_ota

9.8

CVE-2023-25701

Feb 14, 2023

Researcher: Dave Jong

WooCommerce Checkout Field Manager <= 17.3 - Unauthenticated Arbitrary File Upload

9.8

CVE-2022-4328

Feb 13, 2023

Researcher: cydave

Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism

9.8

CVE-2023-2297

Feb 13, 2023

Researcher: István Márton

WooLentor <= 2.5.3 - PHP Object Injection

9.8

CVE-2023-0232

Jan 28, 2023

Researcher: WPScanTeam

Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection

9.1

CVE-2022-47588

Jan 27, 2023

Researcher: minhtuanact

JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update

9.1

CVE-2022-46838

Jan 27, 2023

Researcher: Vladislav Pokrovsky (ΞX.MI)

JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2022-46839

Jan 27, 2023

Researcher: Vladislav Pokrovsky (ΞX.MI)

Extensive VC Addons for WPBakery page builder <= 1.9 - Unauthenticated Local File Inclusion

9.1

CVE-2023-0159

Jan 23, 2023

Researcher: dc11

Title	CVE ID	CVSS	Researchers	Date
ARMember <= 3.4.11 - Unauthenticated SQL Injection	CVE-2022-46808	9.8	Le Ngoc Anh	March 27, 2023
WooCommerce Payments 4.8.0 - 5.6.1 Authentication Bypass and Privilege Escalation	CVE-2023-28121	9.8	mikemyers	March 23, 2023
Lead Generated <= 1.23 - Unauthenticated PHP Object Injection	CVE-2023-28667	9.8	Joshua Martinelle	March 20, 2023
Be POPIA Compliant <= 1.2.0 - Authenticated (Subscriber+) SQL Injection	CVE-2022-47445	9.8	TEAM WEBoB of BoB 11th	March 15, 2023
LeadSnap <= 1.23 - Unauthenticated PHP Object Injection via AJAX		9.8		March 10, 2023
Houzez <= 2.7.1 - Privilege Escalation	CVE-2023-26540	9.8	Dave Jong	February 27, 2023
Zendrop – Global Dropshipping <= 1.0.0 - SQL Injection in setMetaData	CVE-2023-25960	9.8	Dave Jong	February 24, 2023
Zendrop – Global Dropshipping <= 1.0.0 - Arbitrary File Upload	CVE-2023-25970	9.8	Dave Jong	February 24, 2023
Houzez Login Register <= 2.6.3 - Privilege Escalation	CVE-2023-26009	9.8	Dave Jong	February 23, 2023
Live Streaming - Broadcast Live Video <= 5.5.15 - Missing Authorization to Unauthenticated Remote Code Execution	CVE-2023-25699	9.1	minhtuanact	February 20, 2023
10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection via Multiple Parameters	CVE-2023-0037	9.8	Daniel Krohmer, Kunal Sharma	February 20, 2023
GamiPress <= 2.5.7 - Unauthenticated SQL Injection	CVE-2023-24000	9.8	Dave Jong	February 14, 2023
WatchTowerHQ <= 3.6.16 - Type Juggling to Authentication Bypass in check_ota	CVE-2023-25701	9.8	Dave Jong	February 14, 2023
WooCommerce Checkout Field Manager <= 17.3 - Unauthenticated Arbitrary File Upload	CVE-2022-4328	9.8	cydave	February 13, 2023
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism	CVE-2023-2297	9.8	István Márton	February 13, 2023
WooLentor <= 2.5.3 - PHP Object Injection	CVE-2023-0232	9.8	WPScanTeam	January 28, 2023
Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection	CVE-2022-47588	9.1	minhtuanact	January 27, 2023
JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update	CVE-2022-46838	9.1	Vladislav Pokrovsky (ΞX.MI)	January 27, 2023
JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload	CVE-2022-46839	9.8	Vladislav Pokrovsky (ΞX.MI)	January 27, 2023
Extensive VC Addons for WPBakery page builder <= 1.9 - Unauthenticated Local File Inclusion	CVE-2023-0159	9.1	dc11	January 23, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation