Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 1-20 of 453 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

WooLentor <= 2.5.3 - PHP Object Injection

9.8

CVE-2023-0232

Jan 28, 2023

Researcher: WPScanTeam

JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2022-46839

Jan 27, 2023

Researcher: Vladislav Pokrovsky (ΞX.MI)

LearnPress <= 4.1.7.3.2 - Unauthenticated Local File Inclusion

9.8

CVE-2022-47615

Jan 20, 2023

Researcher: Rafie Muhammad

FL3R FeelBox <= 8.1 - Unauthenticated SQL Injection

9.8

CVE-2022-4445

Jan 20, 2023

Researcher: cydave

LearnPress <= 4.1.7.3.2 - Unauthenticated SQL Injection

9.8

CVE-2022-45808

Jan 20, 2023

Researcher: Fadilah Agung Nugraha

GiveWP <= 2.23.2 - Unauthenticated SQL Injection

9.8

CVE-2023-0224

Jan 19, 2023

Researchers:

MainWP File Uploader Extension <= 4.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-23656

Jan 18, 2023

Researcher: Dave Jong

MainWP Broken Link Checker <= 4.0 - Unauthenticated SQL Injection

9.8

CVE-2023-23737

Jan 18, 2023

Researcher: Dave Jong

MainWP Links Manager Extension <= 2.1 - Unauthenticated PHP Object Injection

9.8

CVE-2023-23649

Jan 18, 2023

Researcher: Dave Jong

Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection

9.8

CVE-2023-23488

Jan 12, 2023

Researcher: Joshua Martinelle

Easy Digital Downloads < 3.1.0.4 - SQL Injection

9.8

CVE-2023-23489

Jan 12, 2023

Researcher: Joshua Martinelle

Hide My WP < 6.2.9 - Unauthenticated SQL Injection

9.8

CVE-2022-4681

Jan 11, 2023

Researcher: Xenofon Vassilakopoulos

10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection

9.8

CVE ID Unknown

Jan 11, 2023

Researchers:

ContentStudio <= 1.2.5 - Missing Authorization

9.8

CVE-2023-0556

Jan 6, 2023

Researcher: Marco Wotschka

Membership For WooCommerce <= 2.1.6 - Unauthenticated Arbitrary File Upload

9.8

CVE-2022-4395

Jan 4, 2023

Researcher: cydave

Amazon Affiliate <= 3.12.2 - Reflected File Download

9.8

CVE-2022-4794

Jan 4, 2023

Researcher: Daniel Ruf

Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection

9.1

CVE-2022-47588

Jan 27, 2023

Researcher: minhtuanact

JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update

9.1

CVE-2022-46838

Jan 27, 2023

Researcher: Vladislav Pokrovsky (ΞX.MI)

Extensive VC Addons for WPBakery page builder <= 1.9 - Unauthenticated Local File Inclusion

9.1

CVE-2023-0159

Jan 23, 2023

Researcher: dc11

WooCommerce Chained Products < 2.12.0 - Missing Authorization to Arbitrary Options Update

9.1

CVE-2022-4872

Jan 4, 2023

Researcher: WPScanTeam

Title	CVE ID	CVSS	Researchers	Date
WooLentor <= 2.5.3 - PHP Object Injection	CVE-2023-0232	9.8	WPScanTeam	January 28, 2023
JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload	CVE-2022-46839	9.8	Vladislav Pokrovsky (ΞX.MI)	January 27, 2023
LearnPress <= 4.1.7.3.2 - Unauthenticated Local File Inclusion	CVE-2022-47615	9.8	Rafie Muhammad	January 20, 2023
FL3R FeelBox <= 8.1 - Unauthenticated SQL Injection	CVE-2022-4445	9.8	cydave	January 20, 2023
LearnPress <= 4.1.7.3.2 - Unauthenticated SQL Injection	CVE-2022-45808	9.8	Fadilah Agung Nugraha	January 20, 2023
GiveWP <= 2.23.2 - Unauthenticated SQL Injection	CVE-2023-0224	9.8		January 19, 2023
MainWP File Uploader Extension <= 4.1 - Unauthenticated Arbitrary File Upload	CVE-2023-23656	9.8	Dave Jong	January 18, 2023
MainWP Broken Link Checker <= 4.0 - Unauthenticated SQL Injection	CVE-2023-23737	9.8	Dave Jong	January 18, 2023
MainWP Links Manager Extension <= 2.1 - Unauthenticated PHP Object Injection	CVE-2023-23649	9.8	Dave Jong	January 18, 2023
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection	CVE-2023-23488	9.8	Joshua Martinelle	January 12, 2023
Easy Digital Downloads < 3.1.0.4 - SQL Injection	CVE-2023-23489	9.8	Joshua Martinelle	January 12, 2023
Hide My WP < 6.2.9 - Unauthenticated SQL Injection	CVE-2022-4681	9.8	Xenofon Vassilakopoulos	January 11, 2023
10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection		9.8		January 11, 2023
ContentStudio <= 1.2.5 - Missing Authorization	CVE-2023-0556	9.8	Marco Wotschka	January 6, 2023
Membership For WooCommerce <= 2.1.6 - Unauthenticated Arbitrary File Upload	CVE-2022-4395	9.8	cydave	January 4, 2023
Amazon Affiliate <= 3.12.2 - Reflected File Download	CVE-2022-4794	9.8	Daniel Ruf	January 4, 2023
Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection	CVE-2022-47588	9.1	minhtuanact	January 27, 2023
JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update	CVE-2022-46838	9.1	Vladislav Pokrovsky (ΞX.MI)	January 27, 2023
Extensive VC Addons for WPBakery page builder <= 1.9 - Unauthenticated Local File Inclusion	CVE-2023-0159	9.1	dc11	January 23, 2023
WooCommerce Chained Products < 2.12.0 - Missing Authorization to Arbitrary Options Update	CVE-2022-4872	9.1	WPScanTeam	January 4, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation