Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 21-40 of 860 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution

6.5

CVE-2024-3957

May 1, 2024

Researcher: stealthcopter

WordPress Header Builder Plugin – Pearl <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-4000

Apr 30, 2024

Researcher: Krzysztof Zając

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization

4.3

CVE-2024-3936

Apr 30, 2024

Researcher: Pavel Palii

Photo Gallery <= 1.4.1 - Authenticated(Contributor+) PHP Object Injection via Shortcode

7.5

CVE-2024-1896

Apr 29, 2024

Researcher: Francesco Carlucci

Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated(Contributor+) PHP Object Injection via shortcode

7.5

CVE-2024-1897

Apr 29, 2024

Researcher: Francesco Carlucci

Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode

8.8

CVE-2024-2831

Apr 29, 2024

Researcher: Krzysztof Zając

All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-3554

Apr 29, 2024

Researcher: Krzysztof Zając

Inline Google Spreadsheet Viewer <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-3674

Apr 29, 2024

Researcher: Krzysztof Zając

Booster Extension <= 1.2.0 - Basic Information Exposure via booster_extension_authorbox_shortcode_display

5.3

CVE-2024-2109

Apr 29, 2024

Researcher: Krzysztof Zając

WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-3550

Apr 29, 2024

Researcher: stealthcopter

WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes

8.8

CVE-2024-1797

Apr 26, 2024

Researcher: Bassem Essam

WP ULike <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-1572

Apr 26, 2024

Researcher: Richard Telleng (stueotue)

Multiple Plugins by tychesoftwares <= (Various Versions) - Missing Authorization to Notice Dismissal

4.3

CVE-2024-4233

Apr 26, 2024

Researcher: Dhabaleshwar Das

WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox

6.4

CVE-2024-4542

Apr 24, 2024

Researcher: Dmitrii Ignatyev

Simple Membership <= 4.4.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

5.4

CVE-2024-3730

Apr 24, 2024

Researcher: Thanh Nam Tran

Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay

6.4

CVE-2024-3929

Apr 24, 2024

Researcher: wesley (wcraft)

FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution

6.5

CVE-2024-3734

Apr 24, 2024

Researcher: stealthcopter

Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode

5.4

CVE-2024-3994

Apr 24, 2024

Researcher: wesley (wcraft)

Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-7030

Apr 23, 2024

Researcher: Richard Telleng (stueotue)

Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode

5.4

CVE-2024-3340

Apr 22, 2024

Researcher: Ngô Thiên An (ancorn_)

Title	CVE ID	CVSS	Researchers	Date
Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution	CVE-2024-3957	6.5	stealthcopter	May 1, 2024
WordPress Header Builder Plugin – Pearl <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-4000	6.4	Krzysztof Zając	April 30, 2024
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization	CVE-2024-3936	4.3	Pavel Palii	April 30, 2024
Photo Gallery <= 1.4.1 - Authenticated(Contributor+) PHP Object Injection via Shortcode	CVE-2024-1896	7.5	Francesco Carlucci	April 29, 2024
Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated(Contributor+) PHP Object Injection via shortcode	CVE-2024-1897	7.5	Francesco Carlucci	April 29, 2024
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode	CVE-2024-2831	8.8	Krzysztof Zając	April 29, 2024
All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-3554	6.4	Krzysztof Zając	April 29, 2024
Inline Google Spreadsheet Viewer <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-3674	6.4	Krzysztof Zając	April 29, 2024
Booster Extension <= 1.2.0 - Basic Information Exposure via booster_extension_authorbox_shortcode_display	CVE-2024-2109	5.3	Krzysztof Zając	April 29, 2024
WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-3550	6.4	stealthcopter	April 29, 2024
WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes	CVE-2024-1797	8.8	Bassem Essam	April 26, 2024
WP ULike <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-1572	6.4	Richard Telleng (stueotue)	April 26, 2024
Multiple Plugins by tychesoftwares <= (Various Versions) - Missing Authorization to Notice Dismissal	CVE-2024-4233	4.3	Dhabaleshwar Das	April 26, 2024
WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox	CVE-2024-4542	6.4	Dmitrii Ignatyev	April 24, 2024
Simple Membership <= 4.4.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-3730	5.4	Thanh Nam Tran	April 24, 2024
Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay	CVE-2024-3929	6.4	wesley (wcraft)	April 24, 2024
FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution	CVE-2024-3734	6.5	stealthcopter	April 24, 2024
Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode	CVE-2024-3994	5.4	wesley (wcraft)	April 24, 2024
Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-7030	6.4	Richard Telleng (stueotue)	April 23, 2024
Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode	CVE-2024-3340	5.4	Ngô Thiên An (ancorn_)	April 22, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation