WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
Cooked Pro <= 1.7.5.5 - Reflected Cross-Site Scripting
6.1
CVE-2021-24233
Mar 30, 2021
Researcher: Jinson Varghese Behanan
GiveWP 2.4.0 - 2.9.7 - Reflected Cross Site Scripting
6.1
CVE-2021-24213
Mar 23, 2021
Researcher: Austin Bentley
Elementor Website Builder <= 3.4.7 - DOM-based Cross-Site Scripting
6.1
CVE-2021-24891
Mar 23, 2021
Researcher: Joel Beleña
Directory & Listing < 1.6.0 - Reflected Cross-Site Scripting
6.1
CVE-2021-24320
Mar 21, 2021
Researcher: Vladislav Pokrovsky (ΞX.MI)
PhastPress <= 1.110 - Open Redirect
6.1
CVE-2021-24210
Mar 19, 2021
Researcher: Felipe Restrepo Rodriguez (pfelilpe)
SEO Redirection Plugin - 301 Redirect Manager <= 6.3 - Reflected Cross-Site Scripting
6.1
CVE-2021-24187
Mar 16, 2021
Researcher: Nguyen Anh Tien
Social Slider Widget <= 1.8.4 - Reflected Cross-Site Scripting
6.1
CVE-2021-24196
Mar 14, 2021
Researcher: purine chu
JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting
6.1
CVE-2021-24176
Mar 11, 2021
Researcher: Ganesh Bagaria
Advanced Order Export For WooCommerce <= 3.1.7 - Reflected Cross-Site Scripting
6.1
CVE-2021-24169
Mar 3, 2021
Researcher: 0xB9
Under Construction, Coming Soon & Maintenance Mode <= 1.1.1 - Server Side Request Forgery
6.1
CVE ID Unknown
Feb 27, 2021
Researcher: Mr.F
NextGen Gallery Pro <= 3.1.9 - Reflected Cross-Site Scripting
6.1
CVE-2021-24293
Feb 24, 2021
Researcher: Thura Moe Myint (mgthuramoemyint)
Photo Gallery by 10Web <= 1.5.68 - Cross-Site Scripting
6.1
CVE ID Unknown
Feb 23, 2021
Researchers:
Ninja Forms Contact Form <= 3.4.33 - Administrator Open Redirect
6.1
CVE-2021-24165
Feb 16, 2021
Researcher: Chloe Chamberland
Zebra_Form PHP library <= 2.9.8 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Feb 14, 2021
Researcher: WPScanTeam
Listeo - Directory & Listings With Booking - WordPress Theme < 1.6.11 - Cross-Site Scripting
6.1
CVE-2021-24317
Feb 10, 2021
Researcher: Vladislav Pokrovsky (ΞX.MI)
Goto - Tour & Travel WordPress Theme < 2.0 - Reflected Cross-Site Scripting
6.1
CVE-2021-24235
Feb 10, 2021
Researcher: Vladislav Pokrovsky (ΞX.MI)
Wyzi - Social Directory WordPress Theme <= 2.4.2 - Reflected Cross-Site Scripting
6.1
CVE-2022-1164
Feb 6, 2021
Researcher: Daniel Ruf
Photo Gallery <= 1.5.67 - Reflected Cross-Site Scripting
6.1
CVE-2021-25041
Feb 3, 2021
Researcher: Thura Moe Myint (mgthuramoemyint)
Popup Builder <= 3.73 - Reflected Cross-Site Scripting
6.1
CVE-2021-24152
Feb 2, 2021
Researcher: Nguyen Anh Tien
Ivory Search – WordPress Search Plugin <= 4.5.10 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Feb 1, 2021
Researcher: Nguyen Anh Tien
Title CVE ID CVSS Researchers Date
Cooked Pro <= 1.7.5.5 - Reflected Cross-Site Scripting CVE-2021-24233 6.1 Jinson Varghese Behanan March 30, 2021
GiveWP 2.4.0 - 2.9.7 - Reflected Cross Site Scripting CVE-2021-24213 6.1 Austin Bentley March 23, 2021
Elementor Website Builder <= 3.4.7 - DOM-based Cross-Site Scripting CVE-2021-24891 6.1 Joel Beleña March 23, 2021
Directory & Listing < 1.6.0 - Reflected Cross-Site Scripting CVE-2021-24320 6.1 Vladislav Pokrovsky (ΞX.MI) March 21, 2021
PhastPress <= 1.110 - Open Redirect CVE-2021-24210 6.1 Felipe Restrepo Rodriguez (pfelilpe) March 19, 2021
SEO Redirection Plugin - 301 Redirect Manager <= 6.3 - Reflected Cross-Site Scripting CVE-2021-24187 6.1 Nguyen Anh Tien March 16, 2021
Social Slider Widget <= 1.8.4 - Reflected Cross-Site Scripting CVE-2021-24196 6.1 purine chu March 14, 2021
JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting CVE-2021-24176 6.1 Ganesh Bagaria March 11, 2021
Advanced Order Export For WooCommerce <= 3.1.7 - Reflected Cross-Site Scripting CVE-2021-24169 6.1 0xB9 March 3, 2021
Under Construction, Coming Soon & Maintenance Mode <= 1.1.1 - Server Side Request Forgery 6.1 Mr.F February 27, 2021
NextGen Gallery Pro <= 3.1.9 - Reflected Cross-Site Scripting CVE-2021-24293 6.1 Thura Moe Myint (mgthuramoemyint) February 24, 2021
Photo Gallery by 10Web <= 1.5.68 - Cross-Site Scripting 6.1 February 23, 2021
Ninja Forms Contact Form <= 3.4.33 - Administrator Open Redirect CVE-2021-24165 6.1 Chloe Chamberland February 16, 2021
Zebra_Form PHP library <= 2.9.8 - Reflected Cross-Site Scripting 6.1 WPScanTeam February 14, 2021
Listeo - Directory & Listings With Booking - WordPress Theme < 1.6.11 - Cross-Site Scripting CVE-2021-24317 6.1 Vladislav Pokrovsky (ΞX.MI) February 10, 2021
Goto - Tour & Travel WordPress Theme < 2.0 - Reflected Cross-Site Scripting CVE-2021-24235 6.1 Vladislav Pokrovsky (ΞX.MI) February 10, 2021
Wyzi - Social Directory WordPress Theme <= 2.4.2 - Reflected Cross-Site Scripting CVE-2022-1164 6.1 Daniel Ruf February 6, 2021
Photo Gallery <= 1.5.67 - Reflected Cross-Site Scripting CVE-2021-25041 6.1 Thura Moe Myint (mgthuramoemyint) February 3, 2021
Popup Builder <= 3.73 - Reflected Cross-Site Scripting CVE-2021-24152 6.1 Nguyen Anh Tien February 2, 2021
Ivory Search – WordPress Search Plugin <= 4.5.10 - Reflected Cross-Site Scripting 6.1 Nguyen Anh Tien February 1, 2021
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Mar 30, 2024
Vulns
1 Dhabaleshwar Das 63
2 Krzysztof Zając 37
3 Ngô Thiên An (ancorn_) 32
4 stealthcopter 28
5 Majed Refaea 27
6 wesley (wcraft) 27
7 Francesco Carlucci 26
8 Lucio Sá 25
9 Joshua Chan 23
10 Rafie Muhammad 21
11 Abdi Pranata 18
12 beluga 17
13 Dimas Maulana 16
14 Webbernaut 16
15 Khalid 15
16 Dave Jong 14
17 LVT-tholv2k 14
18 João Pedro Soares de Alcântara 11
19 Tim Coen 11
20 Steven Julian 10

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation