🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

WordPress Vulnerability Database

Wordfence Intelligence > Vulnerability Database

WordPress Core

WordPress Plugins

WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability

Woocommerce Tip/Donation <= 1.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings

5.5

CVE-2023-28783

Apr 24, 2023

Researcher: Yuki Haruma

Advanced Youtube Channel Pagination <= 1.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

5.5

CVE-2023-28693

Apr 24, 2023

Researcher: qilin_99

TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVE-2023-2169

Apr 18, 2023

Researcher: Ivan Kuzymchak

TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVE-2023-2168

Apr 18, 2023

Researcher: Ivan Kuzymchak

Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVE-2022-32970

Apr 18, 2023

Researcher: Muhammad Daffa

TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVE-2023-2170

Apr 18, 2023

Researcher: Ivan Kuzymchak

YourChannel <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-1869

Apr 18, 2023

Researcher: Marco Wotschka

affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVE-2023-23786

Mar 30, 2023

Researcher: yuyudhn

Mega Main Menu <= 2.2.2 - Authenticated (Administrator+) Cross-Site Scripting

5.5

CVE-2023-1575

Mar 29, 2023

Researcher: Marco Wotschka

Simple Giveaways <= 2.45.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Form, Prize, and Sharing Method Fields

5.5

CVE-2023-1122

Mar 20, 2023

Researcher: Varun

Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-25442

Feb 15, 2023

Researcher: Rio Darmawan

Archivist – Custom Archive Templates <= 1.7.4 - Authenticated(Admin+) Stored Cross-Site Scripting

5.5

CVE-2023-25490

Feb 15, 2023

Researcher: yuyudhn

Click to Call or Chat Buttons <= 1.4.0 - Authenticated(Admin+) Stored Cross-Site Scripting

5.5

CVE-2023-25710

Feb 15, 2023

Researcher: yuyudhn

Quick Event Manager <= 9.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-46863

Feb 14, 2023

Researcher: Justiice

WP Prayer <= 1.9.6 - Authenticated(Admin+) Stored Cross-Site Scripting

5.5

CVE-2023-25705

Feb 14, 2023

Researcher: Rio Darmawan

Interactive SVG Image Map Builder <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting

5.5

CVE-2023-25704

Feb 14, 2023

Researcher: Lokesh Dachepalli

Link Juice Keeper <= 2.0.2 - Authenticated(Admin+) Stored Cross-Site Scripting

5.5

CVE-2023-25793

Feb 10, 2023

Researcher: Abdi Pranata

Quick Paypal Payments <= 5.7.25 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-25702

Feb 10, 2023

Researcher: yuyudhn

Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2023-25031

Feb 6, 2023

Researcher: Rafshanzani Suhada

Chained Quiz <= 1.3.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2023-25027

Feb 6, 2023

Researcher: yuyudhn

Title	CVE ID	CVSS	Researchers	Date
Woocommerce Tip/Donation <= 1.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings	CVE-2023-28783	5.5	Yuki Haruma	April 24, 2023
Advanced Youtube Channel Pagination <= 1.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting	CVE-2023-28693	5.5	qilin_99	April 24, 2023
TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2023-2169	5.5	Ivan Kuzymchak	April 18, 2023
TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2023-2168	5.5	Ivan Kuzymchak	April 18, 2023
Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2022-32970	5.5	Muhammad Daffa	April 18, 2023
TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2023-2170	5.5	Ivan Kuzymchak	April 18, 2023
YourChannel <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-1869	5.5	Marco Wotschka	April 18, 2023
affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2023-23786	5.5	yuyudhn	March 30, 2023
Mega Main Menu <= 2.2.2 - Authenticated (Administrator+) Cross-Site Scripting	CVE-2023-1575	5.5	Marco Wotschka	March 29, 2023
Simple Giveaways <= 2.45.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Form, Prize, and Sharing Method Fields	CVE-2023-1122	5.5	Varun	March 20, 2023
Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-25442	5.5	Rio Darmawan	February 15, 2023
Archivist – Custom Archive Templates <= 1.7.4 - Authenticated(Admin+) Stored Cross-Site Scripting	CVE-2023-25490	5.5	yuyudhn	February 15, 2023
Click to Call or Chat Buttons <= 1.4.0 - Authenticated(Admin+) Stored Cross-Site Scripting	CVE-2023-25710	5.5	yuyudhn	February 15, 2023
Quick Event Manager <= 9.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting	CVE-2022-46863	5.5	Justiice	February 14, 2023
WP Prayer <= 1.9.6 - Authenticated(Admin+) Stored Cross-Site Scripting	CVE-2023-25705	5.5	Rio Darmawan	February 14, 2023
Interactive SVG Image Map Builder <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting	CVE-2023-25704	5.5	Lokesh Dachepalli	February 14, 2023
Link Juice Keeper <= 2.0.2 - Authenticated(Admin+) Stored Cross-Site Scripting	CVE-2023-25793	5.5	Abdi Pranata	February 10, 2023
Quick Paypal Payments <= 5.7.25 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-25702	5.5	yuyudhn	February 10, 2023
Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-25031	5.5	Rafshanzani Suhada	February 6, 2023
Chained Quiz <= 1.3.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-25027	5.5	yuyudhn	February 6, 2023

Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All

Rank	Name	Vulnerabilities since Apr 4, 2024 Vulns
1	Dhabaleshwar Das	80
2	Krzysztof Zając	45
3	Rafie Muhammad	45
4	Joshua Chan	45
5	Majed Refaea	39
6	stealthcopter	38
7	Ngô Thiên An (ancorn_)	34
8	Francesco Carlucci	31
9	wesley (wcraft)	30
10	Abdi Pranata	28
11	Dave Jong	27
12	Lucio Sá	24
13	beluga	23
14	Steven Julian	23
15	Khalid	22
16	LVT-tholv2k	20
17	Dimas Maulana	18
18	Webbernaut	16
19	Mika	16
20	CatFather	13

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation