WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
H5P CSS Editor <= 1.0 - Reflected Cross-Site Scripting
6.1
CVE-2021-39318
Dec 13, 2021
Researcher: p7e4
Magic Post Voice <= 1.2 - Reflected Cross-Site Scripting
6.1
CVE-2021-39315
Dec 13, 2021
Researcher: p7e4
.htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting
6.1
CVE-2021-38361
Dec 13, 2021
Researcher: p7e4
WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting
6.1
CVE-2021-39314
Dec 13, 2021
Researcher: p7e4
WOOCS <= 1.3.7.2 - Reflected Cross-Site Scripting
6.1
CVE-2021-25043
Dec 13, 2021
Researcher: Krzysztof Zając
Out-of-the-Box <= 1.20.2 - Reflected Cross-Site Scripting
6.1
CVE-2021-42547
Dec 13, 2021
Researcher: Trainer Red
link-list-manager <= 1.0 - Reflected Cross-Site Scripting
6.1
CVE-2021-39311
Dec 13, 2021
Researcher: p7e4
Real WYSIWYG <= 0.0.2 - Reflected Cross-Site Scripting
6.1
CVE-2021-39310
Dec 13, 2021
Researcher: p7e4
WP Booking System – Booking Calendar <= 2.0.14 - Reflected Cross-Site Scripting
6.1
CVE-2021-25061
Dec 10, 2021
Researcher: Krzysztof Zając
10Web Social Photo Feed <= 1.4.28 - Reflected Cross-Site Scripting
6.1
CVE-2021-25047
Dec 7, 2021
Researcher: Krzysztof Zając
Multivendor Marketplace Solution for WooCommerce – WC Marketplace < 3.8.4 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Dec 6, 2021
Researcher: WPScanTeam
PowerPack Addons for Elementor <= 2.6.1 - Reflected Cross-Site Scripting
6.1
CVE-2021-25027
Dec 6, 2021
Researcher: Krzysztof Zając
Booking Calendar <= 8.9.1 - Reflected Cross-Site Scripting
6.1
CVE-2021-25040
Dec 6, 2021
Researcher: Krzysztof Zając
Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button - Chaty <= 2.8.2 Reflected Cross-Site Scripting
6.1
CVE-2021-25016
Dec 6, 2021
Researcher: Krzysztof Zając
Use-Your-Drive < 1.18.3 - Reflected Cross-Site Scripting
6.1
CVE-2021-42546
Dec 6, 2021
Researcher: Trainer Red
UpdraftPlus WordPress Backup Plugin <= 1.16.65 - Reflected Cross-Site Scripting
6.1
CVE-2021-25022
Dec 6, 2021
Researcher: Krzysztof Zając
Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in PDF Invoicing Module
6.1
CVE-2021-24999
Dec 1, 2021
Researcher: Jeremie Amsellem
Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in General Module
6.1
CVE-2021-25000
Dec 1, 2021
Researcher: Jeremie Amsellem
Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in Product XML Feeds Module
6.1
CVE-2021-25001
Dec 1, 2021
Researcher: Jeremie Amsellem
LiteSpeed Cache <= 4.4.3 - Reflected Cross-Site Scripting via qc_res
6.1
CVE-2021-24963
Nov 30, 2021
Researcher: Emil Kylander
Title CVE ID CVSS Researchers Date
H5P CSS Editor <= 1.0 - Reflected Cross-Site Scripting CVE-2021-39318 6.1 p7e4 December 13, 2021
Magic Post Voice <= 1.2 - Reflected Cross-Site Scripting CVE-2021-39315 6.1 p7e4 December 13, 2021
.htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting CVE-2021-38361 6.1 p7e4 December 13, 2021
WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting CVE-2021-39314 6.1 p7e4 December 13, 2021
WOOCS <= 1.3.7.2 - Reflected Cross-Site Scripting CVE-2021-25043 6.1 Krzysztof Zając December 13, 2021
Out-of-the-Box <= 1.20.2 - Reflected Cross-Site Scripting CVE-2021-42547 6.1 Trainer Red December 13, 2021
link-list-manager <= 1.0 - Reflected Cross-Site Scripting CVE-2021-39311 6.1 p7e4 December 13, 2021
Real WYSIWYG <= 0.0.2 - Reflected Cross-Site Scripting CVE-2021-39310 6.1 p7e4 December 13, 2021
WP Booking System – Booking Calendar <= 2.0.14 - Reflected Cross-Site Scripting CVE-2021-25061 6.1 Krzysztof Zając December 10, 2021
10Web Social Photo Feed <= 1.4.28 - Reflected Cross-Site Scripting CVE-2021-25047 6.1 Krzysztof Zając December 7, 2021
Multivendor Marketplace Solution for WooCommerce – WC Marketplace < 3.8.4 - Reflected Cross-Site Scripting 6.1 WPScanTeam December 6, 2021
PowerPack Addons for Elementor <= 2.6.1 - Reflected Cross-Site Scripting CVE-2021-25027 6.1 Krzysztof Zając December 6, 2021
Booking Calendar <= 8.9.1 - Reflected Cross-Site Scripting CVE-2021-25040 6.1 Krzysztof Zając December 6, 2021
Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button - Chaty <= 2.8.2 Reflected Cross-Site Scripting CVE-2021-25016 6.1 Krzysztof Zając December 6, 2021
Use-Your-Drive < 1.18.3 - Reflected Cross-Site Scripting CVE-2021-42546 6.1 Trainer Red December 6, 2021
UpdraftPlus WordPress Backup Plugin <= 1.16.65 - Reflected Cross-Site Scripting CVE-2021-25022 6.1 Krzysztof Zając December 6, 2021
Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in PDF Invoicing Module CVE-2021-24999 6.1 Jeremie Amsellem December 1, 2021
Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in General Module CVE-2021-25000 6.1 Jeremie Amsellem December 1, 2021
Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in Product XML Feeds Module CVE-2021-25001 6.1 Jeremie Amsellem December 1, 2021
LiteSpeed Cache <= 4.4.3 - Reflected Cross-Site Scripting via qc_res CVE-2021-24963 6.1 Emil Kylander November 30, 2021
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Apr 18, 2024
Vulns
1 stealthcopter 60
2 Dhabaleshwar Das 46
3 Ngô Thiên An (ancorn_) 37
4 Rafie Muhammad 35
5 wesley (wcraft) 33
6 Joshua Chan 32
7 Krzysztof Zając 29
8 Bob Matyas 26
9 Francesco Carlucci 24
10 Steven Julian 22
11 Lucio Sá 22
12 Benedictus Jovan (aillesiM) 18
13 Webbernaut 18
14 Abdi Pranata 16
15 Khalid 16
16 Majed Refaea 16
17 Dave Jong 15
18 Peng Zhou 12
19 Dmitrii Ignatyev 11
20 LVT-tholv2k 11

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation