Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 81-100 of 282 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

Article Analytics <= 1.0 - Unauthenticated SQL Injection

9.8

CVE-2023-5640

Oct 27, 2023

Researcher: Nicolas Surribas

WP Hotel Booking <= 2.0.7 - Unauthenticated SQL Injection

9.8

CVE-2023-5652

Oct 26, 2023

Researcher: Krzysztof Zając

LogDash Activity Log <= 1.1.3 - Unauthenticated SQL Injection

9.8

CVE-2023-6030

Oct 26, 2023

Researcher: Nicolas Surribas

404 Solution <= 2.33.2 - Authenticated (Administrator+) SQL Injection via orderby

7.2

CVE ID Unknown

Oct 23, 2023

Researchers:

Advanced Local Pickup for WooCommerce <= 1.5.5 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-2841

Oct 21, 2023

Researcher: Marco Wotschka

GeoDirectory <= 2.3.28 - Authenticated (Administrator+) SQL Injection via orderby

7.2

CVE ID Unknown

Oct 18, 2023

Researchers:

iPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 - Authenticated (Contributor+) SQL Injection via Shortcode

8.8

CVE-2023-5336

Oct 18, 2023

Researcher: István Márton

Icons Font Loader <= 1.1.2 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-46084

Oct 16, 2023

Researcher: minhtuanact

History Log by click5 <= 1.0.12 - Authenticated(Administrator+) Time-Based Blind SQL Injection

6.6

CVE-2023-5082

Oct 15, 2023

Researcher: Karolis Narvilas

Accessibility Suite by Online ADA <= 4.11 - Authenticated (Subscriber+) SQL Injection

9.8

CVE-2023-45830

Oct 13, 2023

Researcher: minhtuanact

Nexter <= 2.0.3 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from'

8.8

CVE-2023-45657

Oct 12, 2023

Researcher: Rafie Muhammad

AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response

9.8

CVE-2023-5204

Oct 11, 2023

Researcher: Marco Wotschka

Contact Form Generator <= 2.7.1 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2023-35911

Oct 9, 2023

Researcher: Emili Castells

Copy Or Move Comments <= 5.0.4 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-28748

Oct 3, 2023

Researcher: minhtuanact

Advanced Page Visit Counter <= 7.1.1 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2023-45074

Oct 3, 2023

Researcher: TomS

Video Gallery – YouTube Gallery <= 2.1.4 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-45069

Oct 3, 2023

Researcher: Ravi Dharmawan

Pressference Exporter <= 1.0.3 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-45046

Oct 3, 2023

Researcher: Nithissh S

Post SMTP <= 2.6.0 - Authenticated (Administrator+) SQL Injection

7.2

CVE ID Unknown

Oct 3, 2023

Researchers:

Seriously Simple Stats <= 1.5.0 - Authenticated (Podcast manager+) SQL Injection via order_by

7.2

CVE-2023-45001

Oct 3, 2023

Researcher: Rafie Muhammad

MStore API <= 4.0.6 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-45055

Oct 3, 2023

Researcher: Truoc Phan

Title	CVE ID	CVSS	Researchers	Date
Article Analytics <= 1.0 - Unauthenticated SQL Injection	CVE-2023-5640	9.8	Nicolas Surribas	October 27, 2023
WP Hotel Booking <= 2.0.7 - Unauthenticated SQL Injection	CVE-2023-5652	9.8	Krzysztof Zając	October 26, 2023
LogDash Activity Log <= 1.1.3 - Unauthenticated SQL Injection	CVE-2023-6030	9.8	Nicolas Surribas	October 26, 2023
404 Solution <= 2.33.2 - Authenticated (Administrator+) SQL Injection via orderby		7.2		October 23, 2023
Advanced Local Pickup for WooCommerce <= 1.5.5 - Authenticated (Administrator+) SQL Injection	CVE-2023-2841	7.2	Marco Wotschka	October 21, 2023
GeoDirectory <= 2.3.28 - Authenticated (Administrator+) SQL Injection via orderby		7.2		October 18, 2023
iPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 - Authenticated (Contributor+) SQL Injection via Shortcode	CVE-2023-5336	8.8	István Márton	October 18, 2023
Icons Font Loader <= 1.1.2 - Authenticated (Subscriber+) SQL Injection	CVE-2023-46084	8.8	minhtuanact	October 16, 2023
History Log by click5 <= 1.0.12 - Authenticated(Administrator+) Time-Based Blind SQL Injection	CVE-2023-5082	6.6	Karolis Narvilas	October 15, 2023
Accessibility Suite by Online ADA <= 4.11 - Authenticated (Subscriber+) SQL Injection	CVE-2023-45830	9.8	minhtuanact	October 13, 2023
Nexter <= 2.0.3 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from'	CVE-2023-45657	8.8	Rafie Muhammad	October 12, 2023
AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response	CVE-2023-5204	9.8	Marco Wotschka	October 11, 2023
Contact Form Generator <= 2.7.1 - Authenticated (Contributor+) SQL Injection	CVE-2023-35911	8.8	Emili Castells	October 9, 2023
Copy Or Move Comments <= 5.0.4 - Authenticated (Subscriber+) SQL Injection	CVE-2023-28748	8.8	minhtuanact	October 3, 2023
Advanced Page Visit Counter <= 7.1.1 - Authenticated (Contributor+) SQL Injection	CVE-2023-45074	8.8	TomS	October 3, 2023
Video Gallery – YouTube Gallery <= 2.1.4 - Authenticated (Administrator+) SQL Injection	CVE-2023-45069	7.2	Ravi Dharmawan	October 3, 2023
Pressference Exporter <= 1.0.3 - Authenticated (Administrator+) SQL Injection	CVE-2023-45046	7.2	Nithissh S	October 3, 2023
Post SMTP <= 2.6.0 - Authenticated (Administrator+) SQL Injection		7.2		October 3, 2023
Seriously Simple Stats <= 1.5.0 - Authenticated (Podcast manager+) SQL Injection via order_by	CVE-2023-45001	7.2	Rafie Muhammad	October 3, 2023
MStore API <= 4.0.6 - Authenticated (Subscriber+) SQL Injection	CVE-2023-45055	8.8	Truoc Phan	October 3, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation