WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
PHP Compatibility Checker <= 1.5.2 - Cross-Site Request Forgery
4.3
CVE-2023-24421
Apr 6, 2023
Researcher: Mika
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_purgecache_varnish_callback'
4.3
CVE-2023-1920
Apr 6, 2023
Researcher: Marco Wotschka
Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Missing Authorization via spbsmAjax
4.3
CVE-2023-29428
Apr 6, 2023
Researcher: Abdi Pranata
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar'
4.3
CVE-2023-1926
Apr 6, 2023
Researcher: Marco Wotschka
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'deleteCssAndJsCacheToolbar'
4.3
CVE-2023-1931
Apr 6, 2023
Researcher: Marco Wotschka
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_clear_cache_of_allsites_callback'
4.3
CVE-2023-1930
Apr 6, 2023
Researcher: Marco Wotschka
qTranslate X Cleanup and WPML Import <= 3.0.1 - Missing Authorization via clean_ajx
4.3
CVE-2023-29431
Apr 6, 2023
Researcher: István Márton
Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Cross-Site Request Forgery via spbsmAjax
4.3
CVE ID Unknown
Apr 6, 2023
Researcher: Abdi Pranata
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback'
4.3
CVE-2023-1929
Apr 6, 2023
Researcher: Marco Wotschka
Product Feed PRO for WooCommerce <= 12.4.4 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Apr 5, 2023
Researchers:
YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update
4.3
CVE-2023-1870
Apr 5, 2023
Researcher: Marco Wotschka
Comment Reply Notification <= 1.4 - Cross-Site Request Forgery
4.3
CVE-2023-25051
Apr 4, 2023
Researcher: Mika
MasterStudy LMS WordPress Plugin <= 2.9.34 - Missing Authorization via wp_ajax_stm_wpcfto_get_settings
4.3
CVE ID Unknown
Apr 3, 2023
Researchers:
HT Builder <= 1.2.9 - Cross-Site Request Forgery via plugin_activation
4.3
CVE ID Unknown
Apr 3, 2023
Researchers:
Advanced Local Pickup for WooCommerce <= 1.5.2 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Mar 31, 2023
Researchers:
Welcome Bar <= 2.0.3 - Missing Authorization
4.3
CVE ID Unknown
Mar 31, 2023
Researchers:
Welcome Bar <= 2.0.3 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Mar 31, 2023
Researchers:
Really Simple Google Tag Manager <= 1.0.6 - Cross-Site Request Forgery via plugin_activation
4.3
CVE-2023-23801
Mar 31, 2023
Researcher: István Márton
WishSuite <= 1.3.3 - Cross-Site Request Forgery via plugin_activation()
4.3
CVE-2023-23731
Mar 30, 2023
Researcher: István Márton
Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page()
4.3
CVE-2023-28995
Mar 30, 2023
Researcher: Abdi Pranata
Title CVE ID CVSS Researchers Date
PHP Compatibility Checker <= 1.5.2 - Cross-Site Request Forgery CVE-2023-24421 4.3 Mika April 6, 2023
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_purgecache_varnish_callback' CVE-2023-1920 4.3 Marco Wotschka April 6, 2023
Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Missing Authorization via spbsmAjax CVE-2023-29428 4.3 Abdi Pranata April 6, 2023
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar' CVE-2023-1926 4.3 Marco Wotschka April 6, 2023
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'deleteCssAndJsCacheToolbar' CVE-2023-1931 4.3 Marco Wotschka April 6, 2023
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_clear_cache_of_allsites_callback' CVE-2023-1930 4.3 Marco Wotschka April 6, 2023
qTranslate X Cleanup and WPML Import <= 3.0.1 - Missing Authorization via clean_ajx CVE-2023-29431 4.3 István Márton April 6, 2023
Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Cross-Site Request Forgery via spbsmAjax 4.3 Abdi Pranata April 6, 2023
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback' CVE-2023-1929 4.3 Marco Wotschka April 6, 2023
Product Feed PRO for WooCommerce <= 12.4.4 - Cross-Site Request Forgery 4.3 April 5, 2023
YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update CVE-2023-1870 4.3 Marco Wotschka April 5, 2023
Comment Reply Notification <= 1.4 - Cross-Site Request Forgery CVE-2023-25051 4.3 Mika April 4, 2023
MasterStudy LMS WordPress Plugin <= 2.9.34 - Missing Authorization via wp_ajax_stm_wpcfto_get_settings 4.3 April 3, 2023
HT Builder <= 1.2.9 - Cross-Site Request Forgery via plugin_activation 4.3 April 3, 2023
Advanced Local Pickup for WooCommerce <= 1.5.2 - Cross-Site Request Forgery 4.3 March 31, 2023
Welcome Bar <= 2.0.3 - Missing Authorization 4.3 March 31, 2023
Welcome Bar <= 2.0.3 - Cross-Site Request Forgery 4.3 March 31, 2023
Really Simple Google Tag Manager <= 1.0.6 - Cross-Site Request Forgery via plugin_activation CVE-2023-23801 4.3 István Márton March 31, 2023
WishSuite <= 1.3.3 - Cross-Site Request Forgery via plugin_activation() CVE-2023-23731 4.3 István Márton March 30, 2023
Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page() CVE-2023-28995 4.3 Abdi Pranata March 30, 2023
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Apr 19, 2024
Vulns
1 stealthcopter 59
2 Dhabaleshwar Das 48
3 Ngô Thiên An (ancorn_) 35
4 Rafie Muhammad 34
5 Joshua Chan 31
6 wesley (wcraft) 31
7 Krzysztof Zając 27
8 Bob Matyas 24
9 Francesco Carlucci 24
10 Steven Julian 21
11 Lucio Sá 21
12 Benedictus Jovan (aillesiM) 18
13 Webbernaut 17
14 Abdi Pranata 16
15 Dave Jong 15
16 Majed Refaea 15
17 Khalid 14
18 Peng Zhou 12
19 LVT-tholv2k 11
20 Dmitrii Ignatyev 11

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation