WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
AccessPress Anonymous Post <= 2.8.4 - Authenticated (Contributor+) Arbitrary Redirect
4.3
CVE-2022-4946
May 11, 2023
Researcher: WPScanTeam
Google Site Verification plugin using Meta Tag <= 1.2 - Cross-Site Request Forgery
4.3
CVE-2023-32514
May 10, 2023
Researcher: Mika
Injection Guard <= 1.2.1 - Cross-Site Request Forgery to Whitelist Update
4.3
CVE ID Unknown
May 10, 2023
Researcher: Darius Sveikauskas
Whydonate – FREE Donate button <= 3.12.14 - Cross-Site Request Forgery
4.3
CVE-2023-29238
May 10, 2023
Researcher: easyBug
CM On Demand Search And Replace <= 1.3.0 - Cross-Site Request Forgery
4.3
CVE-2023-28749
May 9, 2023
Researcher: Abdi Pranata
Easy Hide Login <= 1.0.8 - Cross-Site Request Forgery
4.3
CVE-2023-31075
May 9, 2023
Researcher: konagash
Pro Mime Types <= 1.0.7 - Cross-Site Request Forgery
4.3
CVE-2023-32502
May 9, 2023
Researcher: Nguyen Xuan Chien
SALERT <= 1.2.1 - Missing Authorization via salert_save_settings_with_ajax()
4.3
CVE-2023-32126
May 9, 2023
Researcher: Jonas Höbenreich
Yoast SEO: Local <= 14.8 - Cross-Site Request Forgery
4.3
CVE-2023-28780
May 9, 2023
Researcher: Rafie Muhammad
Wise Chat <= 3.1.3 - Cross-Site Request Forgery
4.3
CVE-2023-32504
May 9, 2023
Researcher: Justiice
Web Stories for WordPress <= 1.31.0 - Insufficient Authorization
4.3
CVE-2023-1979
May 8, 2023
Researchers:
Download Manager <= 3.2.70 - Insufficient Authorization to Information Disclosure
4.3
CVE-2023-1524
May 8, 2023
Researcher: Johan Kragt
Points and Rewards for WooCommerce <= 1.5.0 - Cross-Site Request Forgery to Settings Change
4.3
CVE-2023-27607
May 5, 2023
Researcher: Dave Jong
WP Job Portal <= 2.0.1 - Cross-Site Request Forgery to Settings Modification
4.3
CVE ID Unknown
May 5, 2023
Researcher: István Márton
DX Delete Attached Media <= 2.0.2 - Missing Authorization to Settings Update
4.3
CVE ID Unknown
May 4, 2023
Researchers:
Multi Rating <= 5.0.6 - Cross-Site Request Forgery to Arbitrary Ratings Value Change
4.3
CVE-2023-32125
May 4, 2023
Researcher: yuyudhn
WOLF <= 1.0.6 - Cross-Site Request Forgery via wpbe_update_page_field
4.3
CVE ID Unknown
May 3, 2023
Researcher: Junsu Yeo
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Record Deletion
4.3
CVE-2023-0766
May 2, 2023
Researcher: István Márton
AJAX Thumbnail Rebuild <= 1.13 - Missing Authorization
4.3
CVE-2022-47604
Apr 28, 2023
Researcher: Justiice
WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API
4.3
CVE-2023-2275
Apr 26, 2023
Researcher: István Márton
Title CVE ID CVSS Researchers Date
AccessPress Anonymous Post <= 2.8.4 - Authenticated (Contributor+) Arbitrary Redirect CVE-2022-4946 4.3 WPScanTeam May 11, 2023
Google Site Verification plugin using Meta Tag <= 1.2 - Cross-Site Request Forgery CVE-2023-32514 4.3 Mika May 10, 2023
Injection Guard <= 1.2.1 - Cross-Site Request Forgery to Whitelist Update 4.3 Darius Sveikauskas May 10, 2023
Whydonate – FREE Donate button <= 3.12.14 - Cross-Site Request Forgery CVE-2023-29238 4.3 easyBug May 10, 2023
CM On Demand Search And Replace <= 1.3.0 - Cross-Site Request Forgery CVE-2023-28749 4.3 Abdi Pranata May 9, 2023
Easy Hide Login <= 1.0.8 - Cross-Site Request Forgery CVE-2023-31075 4.3 konagash May 9, 2023
Pro Mime Types <= 1.0.7 - Cross-Site Request Forgery CVE-2023-32502 4.3 Nguyen Xuan Chien May 9, 2023
SALERT <= 1.2.1 - Missing Authorization via salert_save_settings_with_ajax() CVE-2023-32126 4.3 Jonas Höbenreich May 9, 2023
Yoast SEO: Local <= 14.8 - Cross-Site Request Forgery CVE-2023-28780 4.3 Rafie Muhammad May 9, 2023
Wise Chat <= 3.1.3 - Cross-Site Request Forgery CVE-2023-32504 4.3 Justiice May 9, 2023
Web Stories for WordPress <= 1.31.0 - Insufficient Authorization CVE-2023-1979 4.3 May 8, 2023
Download Manager <= 3.2.70 - Insufficient Authorization to Information Disclosure CVE-2023-1524 4.3 Johan Kragt May 8, 2023
Points and Rewards for WooCommerce <= 1.5.0 - Cross-Site Request Forgery to Settings Change CVE-2023-27607 4.3 Dave Jong May 5, 2023
WP Job Portal <= 2.0.1 - Cross-Site Request Forgery to Settings Modification 4.3 István Márton May 5, 2023
DX Delete Attached Media <= 2.0.2 - Missing Authorization to Settings Update 4.3 May 4, 2023
Multi Rating <= 5.0.6 - Cross-Site Request Forgery to Arbitrary Ratings Value Change CVE-2023-32125 4.3 yuyudhn May 4, 2023
WOLF <= 1.0.6 - Cross-Site Request Forgery via wpbe_update_page_field 4.3 Junsu Yeo May 3, 2023
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Record Deletion CVE-2023-0766 4.3 István Márton May 2, 2023
AJAX Thumbnail Rebuild <= 1.13 - Missing Authorization CVE-2022-47604 4.3 Justiice April 28, 2023
WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API CVE-2023-2275 4.3 István Márton April 26, 2023
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Apr 18, 2024
Vulns
1 stealthcopter 60
2 Dhabaleshwar Das 46
3 Ngô Thiên An (ancorn_) 37
4 Rafie Muhammad 35
5 wesley (wcraft) 33
6 Joshua Chan 32
7 Krzysztof Zając 29
8 Bob Matyas 26
9 Francesco Carlucci 24
10 Steven Julian 22
11 Lucio Sá 22
12 Benedictus Jovan (aillesiM) 18
13 Webbernaut 18
14 Abdi Pranata 16
15 Khalid 16
16 Majed Refaea 16
17 Dave Jong 15
18 Peng Zhou 12
19 Dmitrii Ignatyev 11
20 LVT-tholv2k 11

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation