WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
SpiderCalendar <= 1.6.64 - Reflected Cross-Site Scripting
6.1
CVE-2022-0212
Jan 13, 2022
Researcher: Krzysztof Zając
NewStatPress <= 1.3.5 - Reflected Cross-Site Scripting
6.1
CVE-2022-0206
Jan 13, 2022
Researcher: Krzysztof Zając
PublishPress Capabilities <= 2.3.2 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Jan 13, 2022
Researcher: WPScanTeam
RSVP and Event Management <= 2.7.4 - Cross-Site Scripting
6.1
CVE ID Unknown
Jan 13, 2022
Researchers:
PowerPack Lite for Beaver Builder <= 1.2.9.2 Reflected Cross-Site Scripting
6.1
CVE-2022-0176
Jan 12, 2022
Researcher: Krzysztof Zając
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.30 - Reflected Cross-Site Scripting via lang & pid Parameters
6.1
CVE-2021-24874
Jan 12, 2022
Researcher: ZhongFu Su
Adaptive Images <= 0.6.68 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Jan 11, 2022
Researcher: Jan w Oleju
All-in-one Floating Contact Form <= 2.0.3 - Reflected Cross-Site Scripting
6.1
CVE-2022-0148
Jan 10, 2022
Researcher: Krzysztof Zając
Store Toolkit for WooCommerce <= 2.3.1 - Reflected Cross-Site Scripting
6.1
CVE-2021-25077
Jan 10, 2022
Researcher: Krzysztof Zając
WooCommerce – Store Exporter <= 2.7 - Reflected Cross-Site Scripting
6.1
CVE-2022-0149
Jan 10, 2022
Researcher: Krzysztof Zając
SupportCandy – Helpdesk & Support Ticket System <= 2.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2021-24879
Jan 5, 2022
Researcher: apple502j
SupportCandy <= 2.2.6 - Reflected Cross-Site Scripting
6.1
CVE-2021-24878
Jan 5, 2022
Researcher: apple502j
Amazon Affiliate <= 3.17 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Jan 4, 2022
Researcher: andrea bocchetti
Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting via AJAX Action
6.1
CVE-2021-24983
Jan 3, 2022
Researcher: ZhongFu Su
Visual CSS Style Editor <= 7.5.3 - Reflected Cross-Site Scripting via wyp_page_type parameter
6.1
CVE-2021-24934
Jan 3, 2022
Researcher: ZhongFu Su
NextScripts: Social Networks Auto-Poster <= 4.3.23 - Unauthenticated Stored Cross-Site Scripting
6.1
CVE-2021-24975
Jan 3, 2022
Researcher: Krzysztof Zając
Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting
6.1
CVE-2021-25063
Jan 3, 2022
Researcher: Krzysztof Zając
Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting
6.1
CVE-2021-24937
Jan 3, 2022
Researcher: ZhongFu Su
Link Library <= 7.2.8 - Reflected Cross-Site Scripting
6.1
CVE-2021-25091
Dec 30, 2021
Researcher: Krzysztof Zając
UpdraftPlus WordPress Backup Plugin <= 1.16.68 - Reflected Cross-Site Scripting via updraft_restore
6.1
CVE-2021-25089
Dec 28, 2021
Researcher: ZhongFu Su
Title CVE ID CVSS Researchers Date
SpiderCalendar <= 1.6.64 - Reflected Cross-Site Scripting CVE-2022-0212 6.1 Krzysztof Zając January 13, 2022
NewStatPress <= 1.3.5 - Reflected Cross-Site Scripting CVE-2022-0206 6.1 Krzysztof Zając January 13, 2022
PublishPress Capabilities <= 2.3.2 - Reflected Cross-Site Scripting 6.1 WPScanTeam January 13, 2022
RSVP and Event Management <= 2.7.4 - Cross-Site Scripting 6.1 January 13, 2022
PowerPack Lite for Beaver Builder <= 1.2.9.2 Reflected Cross-Site Scripting CVE-2022-0176 6.1 Krzysztof Zając January 12, 2022
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.30 - Reflected Cross-Site Scripting via lang & pid Parameters CVE-2021-24874 6.1 ZhongFu Su January 12, 2022
Adaptive Images <= 0.6.68 - Reflected Cross-Site Scripting 6.1 Jan w Oleju January 11, 2022
All-in-one Floating Contact Form <= 2.0.3 - Reflected Cross-Site Scripting CVE-2022-0148 6.1 Krzysztof Zając January 10, 2022
Store Toolkit for WooCommerce <= 2.3.1 - Reflected Cross-Site Scripting CVE-2021-25077 6.1 Krzysztof Zając January 10, 2022
WooCommerce – Store Exporter <= 2.7 - Reflected Cross-Site Scripting CVE-2022-0149 6.1 Krzysztof Zając January 10, 2022
SupportCandy – Helpdesk & Support Ticket System <= 2.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2021-24879 6.1 apple502j January 5, 2022
SupportCandy <= 2.2.6 - Reflected Cross-Site Scripting CVE-2021-24878 6.1 apple502j January 5, 2022
Amazon Affiliate <= 3.17 - Reflected Cross-Site Scripting 6.1 andrea bocchetti January 4, 2022
Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting via AJAX Action CVE-2021-24983 6.1 ZhongFu Su January 3, 2022
Visual CSS Style Editor <= 7.5.3 - Reflected Cross-Site Scripting via wyp_page_type parameter CVE-2021-24934 6.1 ZhongFu Su January 3, 2022
NextScripts: Social Networks Auto-Poster <= 4.3.23 - Unauthenticated Stored Cross-Site Scripting CVE-2021-24975 6.1 Krzysztof Zając January 3, 2022
Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting CVE-2021-25063 6.1 Krzysztof Zając January 3, 2022
Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting CVE-2021-24937 6.1 ZhongFu Su January 3, 2022
Link Library <= 7.2.8 - Reflected Cross-Site Scripting CVE-2021-25091 6.1 Krzysztof Zając December 30, 2021
UpdraftPlus WordPress Backup Plugin <= 1.16.68 - Reflected Cross-Site Scripting via updraft_restore CVE-2021-25089 6.1 ZhongFu Su December 28, 2021
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Apr 16, 2024
Vulns
1 stealthcopter 58
2 Dhabaleshwar Das 48
3 Krzysztof Zając 37
4 Rafie Muhammad 37
5 Ngô Thiên An (ancorn_) 37
6 wesley (wcraft) 34
7 Joshua Chan 32
8 Bob Matyas 29
9 Francesco Carlucci 26
10 Lucio Sá 23
11 Steven Julian 22
12 Benedictus Jovan (aillesiM) 18
13 Webbernaut 18
14 Abdi Pranata 18
15 Dave Jong 17
16 Majed Refaea 16
17 Khalid 16
18 Peng Zhou 12
19 Mika 11
20 István Márton 11

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation