🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our SQL Injection firewall rule

1,482,891

Attacks Blocked in Past 24 Hours

Showing 481-500 of 1,444 Vulnerabilities

Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) SQL Injection

8.8

CVE-2023-0765

Mar 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Waiting: One-click countdowns <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'pbc_down[meta][id]'

8.8

CVE-2023-28659

Mar 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Events Made Easy <= 2.3.14 - Authenticated (Subscriber+) SQL Injection via 'search_name'

8.8

CVE-2023-28660

Mar 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection via 'value'

8.8

CVE-2023-28661

Mar 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Groundhogg <= 2.7.9.3 - Authenticated (Administrator)+ SQL Injection

7.2

CVE-2023-1425

Mar 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-1471

Mar 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Slideshow Gallery LITE <= 1.7.6 - Authenticated(Admin+) SQL Injection

6.5

CVE-2023-28491

Mar 15, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Be POPIA Compliant <= 1.2.0 - Authenticated (Subscriber+) SQL Injection

9.8

CVE-2022-47445

Mar 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Dokan <= 3.7.12 - Authenticated (Vendor+) SQL Injection

7.2

CVE-2023-26525

Mar 2, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes

7.7

CVE-2023-0631

Feb 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode

8.8

CVE-2023-0630

Feb 23, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Meta SEO <= 4.5.2 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-0875

Feb 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Paytm Payment Gateway <= 2.7.3 - Authenticated (Editor+) SQL Injection via 'post'

8.8

CVE-2022-45805

Feb 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection via Multiple Parameters

9.8

CVE-2023-0037

Feb 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection

7.2

CVE-2023-0895

Feb 17, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Media Library Assistant <= 3.05 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-0279

Feb 16, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

GamiPress <= 2.5.7 - Unauthenticated SQL Injection

9.8

CVE-2023-24000

Feb 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via 'delete' parameter

7.2

CVE-2023-25047

Feb 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via $email value

7.2

CVE-2023-25045

Feb 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Plugin for Google Reviews <= 2.2.3 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-44580

Feb 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) SQL Injection	CVE-2023-0765	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 27, 2023
Waiting: One-click countdowns <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'pbc_down[meta][id]'	CVE-2023-28659	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 22, 2023
Events Made Easy <= 2.3.14 - Authenticated (Subscriber+) SQL Injection via 'search_name'	CVE-2023-28660	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 20, 2023
WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection via 'value'	CVE-2023-28661	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 20, 2023
Groundhogg <= 2.7.9.3 - Authenticated (Administrator)+ SQL Injection	CVE-2023-1425	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 20, 2023
WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection	CVE-2023-1471	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 17, 2023
Slideshow Gallery LITE <= 1.7.6 - Authenticated(Admin+) SQL Injection	CVE-2023-28491	6.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N	March 15, 2023
Be POPIA Compliant <= 1.2.0 - Authenticated (Subscriber+) SQL Injection	CVE-2022-47445	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 15, 2023
Dokan <= 3.7.12 - Authenticated (Vendor+) SQL Injection	CVE-2023-26525	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 2, 2023
Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes	CVE-2023-0631	7.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N	February 28, 2023
Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode	CVE-2023-0630	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 23, 2023
WP Meta SEO <= 4.5.2 - Authenticated (Subscriber+) SQL Injection	CVE-2023-0875	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 22, 2023
Paytm Payment Gateway <= 2.7.3 - Authenticated (Editor+) SQL Injection via 'post'	CVE-2022-45805	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 22, 2023
10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection via Multiple Parameters	CVE-2023-0037	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 20, 2023
WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection	CVE-2023-0895	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	February 17, 2023
Media Library Assistant <= 3.05 - Authenticated (Administrator+) SQL Injection	CVE-2023-0279	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	February 16, 2023
GamiPress <= 2.5.7 - Unauthenticated SQL Injection	CVE-2023-24000	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 14, 2023
RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via 'delete' parameter	CVE-2023-25047	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	February 13, 2023
RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via $email value	CVE-2023-25045	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	February 13, 2023
Plugin for Google Reviews <= 2.2.3 - Authenticated (Subscriber+) SQL Injection	CVE-2022-44580	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 8, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation