Search Results

🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Search Results

Showing 81-100 of 860 search results

Refine your search

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode

6.5

CVE-2023-6695

Apr 3, 2024

Researcher: Francesco Carlucci

Add Shortcodes Actions And Filters <= 2.10 - Reflected Cross-Site Scripting

6.1

CVE-2024-30558

Mar 29, 2024

Researcher: Dimas Maulana

Favorites <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

7.2

CVE-2024-2948

Mar 29, 2024

Researcher: Krzysztof Zając

WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-2847

Mar 29, 2024

Researcher: Krzysztof Zając

Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload

9.1

CVE-2024-31114

Mar 29, 2024

Researcher: Peng Zhou

Shortcodes and extra features for Phlox theme <= 2.15.5 - Missing Authorization

4.3

CVE-2024-31099

Mar 29, 2024

Researcher: Rafie Muhammad

AI Twitter Feeds (Twitter widget & shortcode) <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-31101

Mar 29, 2024

Researcher: Ngô Thiên An (ancorn_)

Ecwid Ecommerce Shopping Cart <= 6.12.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-2456

Mar 29, 2024

Researcher: Krzysztof Zając

Button <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode

8.8

CVE-2024-1872

Mar 28, 2024

Researcher: Francesco Carlucci

Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode

8.8

CVE-2023-6967

Mar 28, 2024

Researcher: Nex Team

Media Library Assistant <= 3.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode

6.4

CVE-2024-2475

Mar 28, 2024

Researcher: stealthcopter

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-2783

Mar 27, 2024

Researcher: Krzysztof Zając

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode

8.8

CVE-2024-1990

Mar 26, 2024

Researcher: Krzysztof Zając

Grid Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29797

Mar 25, 2024

Researcher: Ngô Thiên An (ancorn_)

Easy Textillate <= 2.01 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-2303

Mar 25, 2024

Researcher: Tien Luong

Church Admin <= 4.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-30197

Mar 25, 2024

Researcher: LVT-tholv2k

Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2024-29771

Mar 25, 2024

Researcher: LVT-tholv2k

Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-29933

Mar 25, 2024

Researcher: LVT-tholv2k

Popup Builder <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-30184

Mar 25, 2024

Researcher: LVT-tholv2k

WP User Profile Avatar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-6067

Mar 25, 2024

Researcher: Dmitrii Ignatyev

Title	CVE ID	CVSS	Researchers	Date
Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode	CVE-2023-6695	6.5	Francesco Carlucci	April 3, 2024
Add Shortcodes Actions And Filters <= 2.10 - Reflected Cross-Site Scripting	CVE-2024-30558	6.1	Dimas Maulana	March 29, 2024
Favorites <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-2948	7.2	Krzysztof Zając	March 29, 2024
WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-2847	6.4	Krzysztof Zając	March 29, 2024
Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload	CVE-2024-31114	9.1	Peng Zhou	March 29, 2024
Shortcodes and extra features for Phlox theme <= 2.15.5 - Missing Authorization	CVE-2024-31099	4.3	Rafie Muhammad	March 29, 2024
AI Twitter Feeds (Twitter widget & shortcode) <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-31101	6.4	Ngô Thiên An (ancorn_)	March 29, 2024
Ecwid Ecommerce Shopping Cart <= 6.12.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-2456	6.4	Krzysztof Zając	March 29, 2024
Button <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode	CVE-2024-1872	8.8	Francesco Carlucci	March 28, 2024
Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode	CVE-2023-6967	8.8	Nex Team	March 28, 2024
Media Library Assistant <= 3.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode	CVE-2024-2475	6.4	stealthcopter	March 28, 2024
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-2783	6.4	Krzysztof Zając	March 27, 2024
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode	CVE-2024-1990	8.8	Krzysztof Zając	March 26, 2024
Grid Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29797	6.4	Ngô Thiên An (ancorn_)	March 25, 2024
Easy Textillate <= 2.01 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-2303	6.4	Tien Luong	March 25, 2024
Church Admin <= 4.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-30197	6.4	LVT-tholv2k	March 25, 2024
Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2024-29771	6.4	LVT-tholv2k	March 25, 2024
Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-29933	6.4	LVT-tholv2k	March 25, 2024
Popup Builder <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-30184	6.4	LVT-tholv2k	March 25, 2024
WP User Profile Avatar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-6067	6.4	Dmitrii Ignatyev	March 25, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation