Wordfence Intelligence   >   Search Results

Showing 41-60 of 641 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.
ArtPlacer Widget <= 2.20.6 - Authenticated (Editor+) SQL Injection
8.8
CVE-2023-6373
Dec 7, 2023
Researchers: Enrico Marcolini, Claudio Marchesini (Dottormarc)
Smart Forms <= 2.6.84 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
8.8
CVE-2023-49856
Dec 7, 2023
Researcher: Abdi Pranata
Elementor <= 3.18.1 - Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import
8.8
CVE-2023-48777
Dec 6, 2023
Researcher: Hong Quan
Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload
7.2
CVE-2023-49814
Dec 5, 2023
Researcher: Rafie Muhammad
Structured Content <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection
8.8
CVE-2023-49819
Dec 5, 2023
Researcher: LVT-tholv2k
Soledad <= 8.4.1 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2023-49825
Dec 5, 2023
Researcher: Rafie Muhammad
Astra Pro <= 4.3.1 - Authenticated(Contributor+) Remote Code Execution via Metabox
8.8
CVE-2023-49830
Dec 5, 2023
Researcher: Rafie Muhammad
Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload
8.1
CVE-2023-6220
Dec 4, 2023
Researcher: István Márton
Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2023-49764
Dec 4, 2023
Researcher: Mika
Backup Migration <= 1.3.6 - Unauthenticated Arbitrary File Download to Sensitive Information Exposure
7.5
CVE-2023-6266
Nov 30, 2023
Researcher: Rafshanzani Suhada
Slider Revolution < 6.6.19 - Authenticated (Author+) PHP Object Injection
8.8
CVE-2023-6528
Nov 30, 2023
Researchers: Vaibhav Rajput, Prajyot Chemburkar
CF7 Google Sheets Connector <= 5.0.5 - Unauthenticated Sensitive Information Exposure via Debug Log
7.5
CVE-2023-44989
Nov 30, 2023
Researcher: Joshua Chan
rtMedia for WordPress, BuddyPress and bbPress WordPress <= 4.6.15 - Authenticated (Admin+) Arbitrary File Upload
7.2
CVE-2023-5939
Nov 29, 2023
Researcher: Alex Sanford
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.15 - Authenticated (Subscriber+) Arbitrary File Upload
8.8
CVE-2023-5931
Nov 29, 2023
Researcher: Krzysztof Zając
MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2023-49166
Nov 29, 2023
Researcher: Mika
WP Cleanfix <= 5.6.2 - Missing Authorization via register
7.1
CVE-2023-48775
Nov 28, 2023
Researcher: Abdi Pranata
JetEngine <= 3.2.4 - Missing Authorization
7.1
CVE-2023-48758
Nov 28, 2023
Researcher: Rafie Muhammad
WP Mail Log <= 1.1.2 - Authenticated (Contributor+) SQL injection via key
8.8
CVE-2023-5645
Nov 28, 2023
Researcher: dc11
SVGator – Add Animated SVG Easily <= 1.2.4 - Cross-Site Request Forgery
7.1
CVE-2023-48766
Nov 28, 2023
Researcher: Abdi Pranata
CommentLuv <= 3.0.4 - Server Side Request Forgery via do_click
8.2
CVE-2023-49159
Nov 28, 2023
Researcher: Yuchen Ji
Title CVE ID CVSS Researchers Date
ArtPlacer Widget <= 2.20.6 - Authenticated (Editor+) SQL Injection CVE-2023-6373 8.8 Enrico Marcolini, Claudio Marchesini (Dottormarc) December 7, 2023
Smart Forms <= 2.6.84 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update CVE-2023-49856 8.8 Abdi Pranata December 7, 2023
Elementor <= 3.18.1 - Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import CVE-2023-48777 8.8 Hong Quan December 6, 2023
Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload CVE-2023-49814 7.2 Rafie Muhammad December 5, 2023
Structured Content <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection CVE-2023-49819 8.8 LVT-tholv2k December 5, 2023
Soledad <= 8.4.1 - Authenticated (Contributor+) SQL Injection CVE-2023-49825 8.8 Rafie Muhammad December 5, 2023
Astra Pro <= 4.3.1 - Authenticated(Contributor+) Remote Code Execution via Metabox CVE-2023-49830 8.8 Rafie Muhammad December 5, 2023
Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload CVE-2023-6220 8.1 István Márton December 4, 2023
Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection CVE-2023-49764 7.2 Mika December 4, 2023
Backup Migration <= 1.3.6 - Unauthenticated Arbitrary File Download to Sensitive Information Exposure CVE-2023-6266 7.5 Rafshanzani Suhada November 30, 2023
Slider Revolution < 6.6.19 - Authenticated (Author+) PHP Object Injection CVE-2023-6528 8.8 Vaibhav Rajput, Prajyot Chemburkar November 30, 2023
CF7 Google Sheets Connector <= 5.0.5 - Unauthenticated Sensitive Information Exposure via Debug Log CVE-2023-44989 7.5 Joshua Chan November 30, 2023
rtMedia for WordPress, BuddyPress and bbPress WordPress <= 4.6.15 - Authenticated (Admin+) Arbitrary File Upload CVE-2023-5939 7.2 Alex Sanford November 29, 2023
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.15 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2023-5931 8.8 Krzysztof Zając November 29, 2023
MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection CVE-2023-49166 7.2 Mika November 29, 2023
WP Cleanfix <= 5.6.2 - Missing Authorization via register CVE-2023-48775 7.1 Abdi Pranata November 28, 2023
JetEngine <= 3.2.4 - Missing Authorization CVE-2023-48758 7.1 Rafie Muhammad November 28, 2023
WP Mail Log <= 1.1.2 - Authenticated (Contributor+) SQL injection via key CVE-2023-5645 8.8 dc11 November 28, 2023
SVGator – Add Animated SVG Easily <= 1.2.4 - Cross-Site Request Forgery CVE-2023-48766 7.1 Abdi Pranata November 28, 2023
CommentLuv <= 3.0.4 - Server Side Request Forgery via do_click CVE-2023-49159 8.2 Yuchen Ji November 28, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation