Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 821-840 of 860 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

Custom Content Shortcode <= 4.0.1 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2021-24826

Feb 2, 2022

Researcher: Francesco Carlucci

Custom Content Shortcode <= 3.8.8 - Unauthorised Arbitrary Post Metadata Access

4.3

CVE-2021-24824

Feb 2, 2022

Researcher: Francesco Carlucci

Magee Shortcodes < 2.0.9 - Cross-Site Scripting

6.1

CVE ID Unknown

Jan 17, 2022

Researcher: WPScanTeam

PHP Everywhere <= 2.0.3 - Remote Code Execution by Subscriber+ users via shortcode

9.9

CVE-2022-24663

Jan 4, 2022

Researcher: Ram

SupportCandy <= 2.2.6 - Stored Cross-Site Scripting via Shortcode

6.4

CVE-2021-24880

Jan 4, 2022

Researcher: apple502j

Simple Download Monitor <= 3.9.10 - Contributor+ Stored Cross-Site Scripting via Shortcodes

5.4

CVE-2021-24694

Dec 21, 2021

Researcher: apple502j

User meta shortcodes <= 0.5 - Improper Access Control

4.3

CVE-2021-24859

Nov 15, 2021

Researcher: Francesco Carlucci

Page/Post Content Shortcode <= 1.0 - Missing Authorization

4.3

CVE-2021-24819

Nov 15, 2021

Researcher: Francesco Carlucci

WordPress Shortcodes Plugin — Shortcodes Ultimate <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVE-2021-24525

Aug 23, 2021

Researcher: apple502j

Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting

6.1

CVE-2021-24435

Aug 9, 2021

Researcher: iohex

Quiz And Survey Master <= 7.1.11 - Authenticated SQL injection via shortcode

8.8

CVE-2021-24221

Mar 26, 2021

Researcher: Nguyen Van Khanh

WordPress Core < 5.2.3 - Reflected Cross-Site Scripting via Shortcode Previews

5.4

CVE-2019-16219

Sep 5, 2019

Researcher: Zhouyuan Yang

ND Shortcodes <= 5.9.1 - Unauthenticated WordPress Options Update

6.1

CVE-2019-15771

Jul 31, 2019

Researcher: Jerome Bruandet

Shortcode Factory <= 2.7 - Local File Inclusion

9.8

CVE-2019-15322

Jan 16, 2019

Researchers:

WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes

4.1

CVE-2018-9172

Mar 31, 2018

Researcher: ManhNho

WordPress Shortcodes Plugin — Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution

8.8

CVE-2017-18580

Oct 31, 2017

Researcher: Robert Mathews

WordPress Core < 4.8.2 - Cross-Site Scripting via Shortcodes

6.4

CVE-2017-14726

Sep 19, 2017

Researcher: Rodolfo Assis (@brutelogic)

SQL Shortcode <= 1.1 - SQL Execution

8.8

CVE ID Unknown

Sep 2, 2017

Researcher: Paul Dannewitz

WordPress Shortcodes Plugin — Shortcodes Ultimate < 4.10.0 - Directory Traversal

5.0

CVE-2017-2245

Jun 23, 2017

Researcher: Chris Liu

Ultimate Member <= 1.3.83 - Shortcode Injection

9.8

CVE ID Unknown

Apr 17, 2017

Researcher: James Golovich

Title	CVE ID	CVSS	Researchers	Date
Custom Content Shortcode <= 4.0.1 - Authenticated Stored Cross-Site Scripting	CVE-2021-24826	5.4	Francesco Carlucci	February 2, 2022
Custom Content Shortcode <= 3.8.8 - Unauthorised Arbitrary Post Metadata Access	CVE-2021-24824	4.3	Francesco Carlucci	February 2, 2022
Magee Shortcodes < 2.0.9 - Cross-Site Scripting		6.1	WPScanTeam	January 17, 2022
PHP Everywhere <= 2.0.3 - Remote Code Execution by Subscriber+ users via shortcode	CVE-2022-24663	9.9	Ram	January 4, 2022
SupportCandy <= 2.2.6 - Stored Cross-Site Scripting via Shortcode	CVE-2021-24880	6.4	apple502j	January 4, 2022
Simple Download Monitor <= 3.9.10 - Contributor+ Stored Cross-Site Scripting via Shortcodes	CVE-2021-24694	5.4	apple502j	December 21, 2021
User meta shortcodes <= 0.5 - Improper Access Control	CVE-2021-24859	4.3	Francesco Carlucci	November 15, 2021
Page/Post Content Shortcode <= 1.0 - Missing Authorization	CVE-2021-24819	4.3	Francesco Carlucci	November 15, 2021
WordPress Shortcodes Plugin — Shortcodes Ultimate <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-24525	5.4	apple502j	August 23, 2021
Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting	CVE-2021-24435	6.1	iohex	August 9, 2021
Quiz And Survey Master <= 7.1.11 - Authenticated SQL injection via shortcode	CVE-2021-24221	8.8	Nguyen Van Khanh	March 26, 2021
WordPress Core < 5.2.3 - Reflected Cross-Site Scripting via Shortcode Previews	CVE-2019-16219	5.4	Zhouyuan Yang	September 5, 2019
ND Shortcodes <= 5.9.1 - Unauthenticated WordPress Options Update	CVE-2019-15771	6.1	Jerome Bruandet	July 31, 2019
Shortcode Factory <= 2.7 - Local File Inclusion	CVE-2019-15322	9.8		January 16, 2019
WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes	CVE-2018-9172	4.1	ManhNho	March 31, 2018
WordPress Shortcodes Plugin — Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution	CVE-2017-18580	8.8	Robert Mathews	October 31, 2017
WordPress Core < 4.8.2 - Cross-Site Scripting via Shortcodes	CVE-2017-14726	6.4	Rodolfo Assis (@brutelogic)	September 19, 2017
SQL Shortcode <= 1.1 - SQL Execution		8.8	Paul Dannewitz	September 2, 2017
WordPress Shortcodes Plugin — Shortcodes Ultimate < 4.10.0 - Directory Traversal	CVE-2017-2245	5.0	Chris Liu	June 23, 2017
Ultimate Member <= 1.3.83 - Shortcode Injection		9.8	James Golovich	April 17, 2017

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation