🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Vulnerabilities protected by our SQL Injection firewall rule

1,688,698

Attacks Blocked in Past 24 Hours

Showing 701-720 of 1,445 Vulnerabilities

WP Yelp Review Slider <= 7.0 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-0263

Jan 23, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Airbnb Review Slider <= 3.2 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-0262

Jan 23, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Review Slider <= 12.1 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-0260

Jan 23, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-0220

Jan 23, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

MainWP Maintenance Extension <= 4.1.1 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-23660

Jan 18, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

MainWP Google Analytics Extension <= 4.0.4 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-23651

Jan 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Simple URLs <= 114 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-0098

Jan 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Survey Maker < 3.1.2 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-23490

Jan 12, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

LearnPress <= 4.1.7.3.2 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-45820

Dec 20, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Spiffy Calendar <= 4.9.1 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2022-46859

Dec 16, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Web Invoice <= 2.1.3 - Authenticated SQL Injection

8.8

CVE-2022-4372

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Web Invoice <= 2.1.3 - Authenticated SQL Injection

8.8

CVE-2022-4371

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Visual Email Designer for WooCommerce <= 1.7.1 - Authenticated (Author+) SQL Injection

8.8

CVE-2022-3860

Dec 9, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id

8.8

CVE-2022-4150

Dec 5, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Icegram Express <= 5.4.19 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-3981

Nov 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WPSmartContracts <= 1.3.11 - Authenticated (Author+) SQL Injection

8.8

CVE-2022-3768

Nov 7, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

OWM Weather <= 5.6.8 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2022-3769

Nov 2, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Complianz Free <= 6.3.3 & Premium <= 6.3.5 - SQL Injection via Translations

8.8

CVE-2022-3494

Oct 17, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP ALL Export Pro <= 1.7.8 - Authenticated SQL Injection

8.8

CVE-2022-3395

Oct 3, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-3246

Oct 3, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
WP Yelp Review Slider <= 7.0 - Authenticated (Subscriber+) SQL Injection	CVE-2023-0263	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 23, 2023
WP Airbnb Review Slider <= 3.2 - Authenticated (Subscriber+) SQL Injection	CVE-2023-0262	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 23, 2023
WP Review Slider <= 12.1 - Authenticated (Subscriber+) SQL Injection	CVE-2023-0260	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 23, 2023
Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Subscriber+) SQL Injection	CVE-2023-0220	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 23, 2023
MainWP Maintenance Extension <= 4.1.1 - Authenticated (Subscriber+) SQL Injection	CVE-2023-23660	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 18, 2023
MainWP Google Analytics Extension <= 4.0.4 - Authenticated (Subscriber+) SQL Injection	CVE-2023-23651	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 17, 2023
Simple URLs <= 114 - Authenticated (Subscriber+) SQL Injection	CVE-2023-0098	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 17, 2023
Survey Maker < 3.1.2 - Authenticated (Subscriber+) SQL Injection	CVE-2023-23490	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 12, 2023
LearnPress <= 4.1.7.3.2 - Authenticated (Subscriber+) SQL Injection	CVE-2022-45820	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 20, 2022
Spiffy Calendar <= 4.9.1 - Authenticated (Contributor+) SQL Injection	CVE-2022-46859	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 16, 2022
Web Invoice <= 2.1.3 - Authenticated SQL Injection	CVE-2022-4372	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 12, 2022
Web Invoice <= 2.1.3 - Authenticated SQL Injection	CVE-2022-4371	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 12, 2022
Visual Email Designer for WooCommerce <= 1.7.1 - Authenticated (Author+) SQL Injection	CVE-2022-3860	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 9, 2022
Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id	CVE-2022-4150	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Icegram Express <= 5.4.19 - Authenticated (Subscriber+) SQL Injection	CVE-2022-3981	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 21, 2022
WPSmartContracts <= 1.3.11 - Authenticated (Author+) SQL Injection	CVE-2022-3768	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 7, 2022
OWM Weather <= 5.6.8 - Authenticated (Contributor+) SQL Injection	CVE-2022-3769	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 2, 2022
Complianz Free <= 6.3.3 & Premium <= 6.3.5 - SQL Injection via Translations	CVE-2022-3494	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 17, 2022
WP ALL Export Pro <= 1.7.8 - Authenticated SQL Injection	CVE-2022-3395	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 3, 2022
Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection	CVE-2022-3246	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 3, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation