Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 621-640 of 641 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

SiteGround Security <= 1.3.0 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-0234

Jan 13, 2023

Researcher: So Sakaguchi

Hover Image <= 1.4.1 - Cross-Site Request Forgery

8.8

CVE-2022-47611

Jan 13, 2023

Researcher: Mika

ipBlockList <= 1.0 - Cross Site Request Forgery

8.8

CVE-2022-47147

Jan 13, 2023

Researcher: rezaduty

Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery

8.8

CVE-2022-46867

Jan 13, 2023

Researcher: Mika

Mediamatic – Media Library Folders <= 2.8.1 - Cross-Site Request Forgery

8.8

CVE-2022-47142

Jan 13, 2023

Researcher: Cat

eExamhall <= 4.0 - Cross Site Request Forgery

8.8

CVE-2023-22681

Jan 13, 2023

Researcher: NeginNrb

YourChannel <= 1.2.1 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting

7.4

CVE-2022-4833

Jan 13, 2023

Researcher: István Márton

Superior FAQ <= 1.0.2 - Cross Site Request Forgery

8.8

CVE-2023-22678

Jan 13, 2023

Researcher: NeginNrb

WP VR <= 8.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

7.4

CVE-2023-0174

Jan 12, 2023

Researcher: István Márton

WP Blog and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

7.4

CVE-2022-4824

Jan 12, 2023

Researcher: István Márton

Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection

7.2

CVE-2023-0254

Jan 12, 2023

Researcher: Etan Imanol Castro Aldrete

Survey Maker < 3.1.2 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-23490

Jan 12, 2023

Researcher: Joshua Martinelle

Giveaways and Contests by RafflePress <= 1.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

7.4

CVE-2023-0176

Jan 12, 2023

Researcher: István Márton

Leaflet Maps Marker < 3.12.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

7.4

CVE-2022-4677

Jan 12, 2023

Researcher: István Márton

HUSKY – Products Filter for WooCommerce Professional <= 1.3.1 - Authenticated (Admin+) PHP Object Injection

7.2

CVE-2022-4489

Jan 11, 2023

Researcher: thinhnguyen1337

User Meta Manager <= 3.4.9 - Cross Site Request Forgery

8.8

CVE-2023-23712

Jan 10, 2023

Researcher: thiennv

YourChannel <= 1.2.2 Authenticated (Contributor+) Cross-Site Scripting via Shortcode

7.4

CVE-2022-4833

Jan 10, 2023

Researcher: István Márton

WPDating <= 7.4.1 - Arbitrary File Upload

8.8

CVE ID Unknown

Jan 9, 2023

Researchers:

Survey Maker – Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-0038

Jan 3, 2023

Researcher: Chloe Chamberland

My Calendar <= 3.3.24.1 - Cross-Site Request Forgery

7.1

CVE-2022-47427

Jan 3, 2023

Researcher: rezaduty

Title	CVE ID	CVSS	Researchers	Date
SiteGround Security <= 1.3.0 - Authenticated (Administrator+) SQL Injection	CVE-2023-0234	7.2	So Sakaguchi	January 13, 2023
Hover Image <= 1.4.1 - Cross-Site Request Forgery	CVE-2022-47611	8.8	Mika	January 13, 2023
ipBlockList <= 1.0 - Cross Site Request Forgery	CVE-2022-47147	8.8	rezaduty	January 13, 2023
Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery	CVE-2022-46867	8.8	Mika	January 13, 2023
Mediamatic – Media Library Folders <= 2.8.1 - Cross-Site Request Forgery	CVE-2022-47142	8.8	Cat	January 13, 2023
eExamhall <= 4.0 - Cross Site Request Forgery	CVE-2023-22681	8.8	NeginNrb	January 13, 2023
YourChannel <= 1.2.1 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2022-4833	7.4	István Márton	January 13, 2023
Superior FAQ <= 1.0.2 - Cross Site Request Forgery	CVE-2023-22678	8.8	NeginNrb	January 13, 2023
WP VR <= 8.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0174	7.4	István Márton	January 12, 2023
WP Blog and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4824	7.4	István Márton	January 12, 2023
Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection	CVE-2023-0254	7.2	Etan Imanol Castro Aldrete	January 12, 2023
Survey Maker < 3.1.2 - Authenticated (Subscriber+) SQL Injection	CVE-2023-23490	8.8	Joshua Martinelle	January 12, 2023
Giveaways and Contests by RafflePress <= 1.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0176	7.4	István Márton	January 12, 2023
Leaflet Maps Marker < 3.12.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4677	7.4	István Márton	January 12, 2023
HUSKY – Products Filter for WooCommerce Professional <= 1.3.1 - Authenticated (Admin+) PHP Object Injection	CVE-2022-4489	7.2	thinhnguyen1337	January 11, 2023
User Meta Manager <= 3.4.9 - Cross Site Request Forgery	CVE-2023-23712	8.8	thiennv	January 10, 2023
YourChannel <= 1.2.2 Authenticated (Contributor+) Cross-Site Scripting via Shortcode	CVE-2022-4833	7.4	István Márton	January 10, 2023
WPDating <= 7.4.1 - Arbitrary File Upload		8.8		January 9, 2023
Survey Maker – Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-0038	7.2	Chloe Chamberland	January 3, 2023
My Calendar <= 3.3.24.1 - Cross-Site Request Forgery	CVE-2022-47427	7.1	rezaduty	January 3, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation