🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our SQL Injection firewall rule

1,974,696

Attacks Blocked in Past 24 Hours

Showing 221-240 of 1,444 Vulnerabilities

WP Statistics <= 13.1.5 - Unauthenticated SQL Injection

9.8

CVE-2022-25148

Feb 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Statistics <= 13.1.5 - Unauthenticated Blind SQL Injection via current_page_type

9.8

CVE-2022-0651

Feb 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Photo Gallery by 10Web <= 1.5.87 - Unauthenticated SQL Injection via bwg_tag_id_bwg_thumbnails_0 Parameter

9.8

CVE-2022-0169

Feb 15, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Statistics <= 13.1.4 - Unauthenticated Blind SQL Injection

9.8

CVE-2022-0513

Feb 10, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NotificationX <= 2.3.8 - Blind SQL Injection

9.8

CVE-2022-0349

Feb 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Page Views Count Plugin <= 2.4.14 - Unauthenticated SQL Injection

9.8

CVE-2022-0434

Feb 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

TI WooCommerce Wishlist / TI WooCommerce Wishlist Pro < 1.40.1 - Unauthenticated SQL Injection

9.8

CVE-2022-0412

Jan 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection

9.8

CVE-2021-25114

Jan 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Plus Addons for Elementor - Pro <= 5.0.6 - SQL Injection

9.8

CVE-2021-24949

Dec 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WCFM - WooCommerce Multivendor Marketplace <= 3.4.11 - Unauthenticated SQL Injection

9.8

CVE-2021-24849

Nov 22, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Modern Events Calendar Lite <= 6.1.4 - Unauthenticated Blind SQL Injection via time Parameter

9.8

CVE-2021-24946

Nov 15, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.67 - Unauthenticated SQL Injection

9.8

CVE-2021-24863

Nov 15, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

LearnPress <= 4.1.3 - Authenticated SQL Injection

9.8

CVE-2021-24951

Nov 9, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Registrations for the Events Calendar <= 2.7.5 - Unauthenticated SQL Injection

9.8

CVE-2021-24943

Nov 8, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Secure Copy Content Protection and Content Locking <= 2.8.1 - Unauthenticated SQL Injection

9.8

CVE-2021-24931

Nov 8, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

uListing <= 1.6.6 - Unauthenticated SQL Injection

9.8

CVE-2021-4340

Oct 28, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Asgaros Forum <= 1.15.12 - Unauthenticated SQL Injection

9.8

CVE-2021-24827

Oct 11, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Pie Register <= 3.7.1.5 - Unauthenticated SQL Injection

9.8

CVE-2021-24731

Oct 11, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection

9.8

CVE-2021-24762

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Support Board <= 3.3.3 - Multiple Unauthenticated SQL Injections

9.8

CVE-2021-24741

Sep 3, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
WP Statistics <= 13.1.5 - Unauthenticated SQL Injection	CVE-2022-25148	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 16, 2022
WP Statistics <= 13.1.5 - Unauthenticated Blind SQL Injection via current_page_type	CVE-2022-0651	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 16, 2022
Photo Gallery by 10Web <= 1.5.87 - Unauthenticated SQL Injection via bwg_tag_id_bwg_thumbnails_0 Parameter	CVE-2022-0169	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 15, 2022
WP Statistics <= 13.1.4 - Unauthenticated Blind SQL Injection	CVE-2022-0513	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 10, 2022
NotificationX <= 2.3.8 - Blind SQL Injection	CVE-2022-0349	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 2, 2022
Page Views Count Plugin <= 2.4.14 - Unauthenticated SQL Injection	CVE-2022-0434	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 1, 2022
TI WooCommerce Wishlist / TI WooCommerce Wishlist Pro < 1.40.1 - Unauthenticated SQL Injection	CVE-2022-0412	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 31, 2022
Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection	CVE-2021-25114	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 7, 2022
The Plus Addons for Elementor - Pro <= 5.0.6 - SQL Injection	CVE-2021-24949	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 13, 2021
WCFM - WooCommerce Multivendor Marketplace <= 3.4.11 - Unauthenticated SQL Injection	CVE-2021-24849	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 22, 2021
Modern Events Calendar Lite <= 6.1.4 - Unauthenticated Blind SQL Injection via time Parameter	CVE-2021-24946	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 15, 2021
WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.67 - Unauthenticated SQL Injection	CVE-2021-24863	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 15, 2021
LearnPress <= 4.1.3 - Authenticated SQL Injection	CVE-2021-24951	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 9, 2021
Registrations for the Events Calendar <= 2.7.5 - Unauthenticated SQL Injection	CVE-2021-24943	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 8, 2021
Secure Copy Content Protection and Content Locking <= 2.8.1 - Unauthenticated SQL Injection	CVE-2021-24931	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 8, 2021
uListing <= 1.6.6 - Unauthenticated SQL Injection	CVE-2021-4340	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 28, 2021
Asgaros Forum <= 1.15.12 - Unauthenticated SQL Injection	CVE-2021-24827	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 11, 2021
Pie Register <= 3.7.1.5 - Unauthenticated SQL Injection	CVE-2021-24731	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 11, 2021
Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection	CVE-2021-24762	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 5, 2021
Support Board <= 3.3.3 - Multiple Unauthenticated SQL Injections	CVE-2021-24741	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 3, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation