Wordfence Intelligence   >   Search Results

Showing 1-20 of 860 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.
PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode
9.9
CVE-2023-5199
Oct 29, 2023
Researcher: István Márton
OpenHook <= 4.3.0 - Authenticated (Subscriber+) Remote Code Execution via Shortcode
9.9
CVE-2023-5201
Sep 29, 2023
Researcher: István Márton
Allow PHP in Posts and Pages <= 3.0.4 - Authenticated (Subscriber+) Remote Code Execution via Shortcode
9.9
CVE-2023-4994
Sep 15, 2023
Researcher: István Márton
PHP Everywhere <= 2.0.3 - Remote Code Execution by Subscriber+ users via shortcode
9.9
CVE-2022-24663
Jan 4, 2022
Researcher: Ram
BCorp Shortcodes <= 0.23 - Unauthenticated PHP Object Injection
9.8
CVE-2023-49773
Dec 5, 2023
Researcher: Rafie Muhammad
Shortcodes and extra features for Phlox theme <= 2.14.0 - Unauthenticated Local File Inclusion
9.8
CVE-2023-37888
Nov 15, 2023
Researcher: Rafie Muhammad
File Manager Advanced Shortcode WordPress <= 2.3.2 - Unauthenticated Arbitrary File Upload to Remote Code Execution via Shortcode
9.8
CVE-2023-2068
May 31, 2023
Researcher: Mateus Machado Tesser (F0x)
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.0.2 - Unauthenticated Arbitrary Options Update
9.8
CVE-2022-34487
Jun 30, 2022
Researcher: Vladislav Pokrovsky (ΞX.MI)
Shortcode Factory <= 2.7 - Local File Inclusion
9.8
CVE-2019-15322
Jan 16, 2019
Researchers:
Ultimate Member <= 1.3.83 - Shortcode Injection
9.8
CVE ID Unknown
Apr 17, 2017
Researcher: James Golovich
Feed Them Social <= 1.6.9 - Arbitrary Shortcode Execution
9.8
CVE-2015-9351
Feb 2, 2015
Researcher: James Hooker
WooThemes WooFramework < 5.3.10 - Remote Code Execution via Shortcodes
9.8
CVE ID Unknown
Apr 28, 2012
Researcher: Jason Gill
WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.2 - Unauthenticated Arbitrary Shortcode Execution
9.1
CVE-2024-34434
May 3, 2024
Researcher: stealthcopter
Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload
9.1
CVE-2024-31114
Mar 29, 2024
Researcher: Peng Zhou
All-in-One Video Gallery <= 3.6.5 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode
8.8
CVE-2024-4670
May 14, 2024
Researcher: Ngô Thiên An (ancorn_)
Porto Theme - Functionality <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
8.8
CVE-2024-3808
May 8, 2024
Researcher: István Márton
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2024-2831
Apr 29, 2024
Researcher: Krzysztof Zając
WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes
8.8
CVE-2024-1797
Apr 26, 2024
Researcher: Bassem Essam
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode
8.8
CVE-2024-3293
Apr 22, 2024
Researcher: Krzysztof Zając
Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode
8.8
CVE-2024-2008
Apr 3, 2024
Researcher: Francesco Carlucci
Title CVE ID CVSS Researchers Date
PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode CVE-2023-5199 9.9 István Márton October 29, 2023
OpenHook <= 4.3.0 - Authenticated (Subscriber+) Remote Code Execution via Shortcode CVE-2023-5201 9.9 István Márton September 29, 2023
Allow PHP in Posts and Pages <= 3.0.4 - Authenticated (Subscriber+) Remote Code Execution via Shortcode CVE-2023-4994 9.9 István Márton September 15, 2023
PHP Everywhere <= 2.0.3 - Remote Code Execution by Subscriber+ users via shortcode CVE-2022-24663 9.9 Ram January 4, 2022
BCorp Shortcodes <= 0.23 - Unauthenticated PHP Object Injection CVE-2023-49773 9.8 Rafie Muhammad December 5, 2023
Shortcodes and extra features for Phlox theme <= 2.14.0 - Unauthenticated Local File Inclusion CVE-2023-37888 9.8 Rafie Muhammad November 15, 2023
File Manager Advanced Shortcode WordPress <= 2.3.2 - Unauthenticated Arbitrary File Upload to Remote Code Execution via Shortcode CVE-2023-2068 9.8 Mateus Machado Tesser (F0x) May 31, 2023
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.0.2 - Unauthenticated Arbitrary Options Update CVE-2022-34487 9.8 Vladislav Pokrovsky (ΞX.MI) June 30, 2022
Shortcode Factory <= 2.7 - Local File Inclusion CVE-2019-15322 9.8 January 16, 2019
Ultimate Member <= 1.3.83 - Shortcode Injection 9.8 James Golovich April 17, 2017
Feed Them Social <= 1.6.9 - Arbitrary Shortcode Execution CVE-2015-9351 9.8 James Hooker February 2, 2015
WooThemes WooFramework < 5.3.10 - Remote Code Execution via Shortcodes 9.8 Jason Gill April 28, 2012
WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.2 - Unauthenticated Arbitrary Shortcode Execution CVE-2024-34434 9.1 stealthcopter May 3, 2024
Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload CVE-2024-31114 9.1 Peng Zhou March 29, 2024
All-in-One Video Gallery <= 3.6.5 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode CVE-2024-4670 8.8 Ngô Thiên An (ancorn_) May 14, 2024
Porto Theme - Functionality <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode CVE-2024-3808 8.8 István Márton May 8, 2024
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-2831 8.8 Krzysztof Zając April 29, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes CVE-2024-1797 8.8 Bassem Essam April 26, 2024
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode CVE-2024-3293 8.8 Krzysztof Zając April 22, 2024
Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode CVE-2024-2008 8.8 Francesco Carlucci April 3, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation