💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

WordPress Vulnerability Database

Wordfence Intelligence > Vulnerability Database

WordPress Core

WordPress Plugins

WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability

LeagueManager < 3.8.1 - SQL Injection

7.2

CVE-2013-1852

Mar 13, 2013

Researcher: Joshua Reynolds

MailUp newsletter sign-up form < 1.3.3 - Cross-Site Scripting

6.1

CVE-2013-0731

Mar 13, 2013

Researcher: Charlie Eriksen

podPress <= 8.8.10.17 - Cross-Site Scripting via playerID

6.1

CVE-2013-2714

Mar 11, 2013

Researcher: hip

Terillion Reviews < 1.2 - Stored Cross-Site Scripting

6.4

CVE-2013-2501

Mar 8, 2013

Researcher: Aditya Balapure

All-in-One Events Calendar < 1.10 - SQL Injection

10.0

CVE ID Unknown

Mar 7, 2013

Researcher: Christian Mehlmauer

Count per Day < 3.2.6 - Cross-Site Scripting

6.1

CVE-2013-7472

Mar 5, 2013

Researcher: alej andr0

Caulk (Unknown Versions) - Full Path Disclosure

5.3

CVE ID Unknown

Mar 4, 2013

Researcher: Rafay Baloch

Events Manager <= 5.3.6 - Multiple Cross-Site Scripting

6.1

CVE-2013-7480

Feb 27, 2013

Researchers:

Google Alert and Twitter Plugin <= 3.1.5 - Multiple Vulnerabilities

9.8

CVE ID Unknown

Feb 25, 2013

Researcher: Dan Fosco

Magn WP Drag And Drop Media Uploader <= 1.2.0 - Arbitrary File Upload

9.8

CVE ID Unknown

Feb 23, 2013

Researcher: JingoBD

Comment Rating <= 2.9.32 - SQL Injection

9.8

CVE ID Unknown

Feb 21, 2013

Researcher: ebanyu

Mingle Forum <= 1.0.33.3 - SQL Injection

9.8

CVE-2013-0735

Feb 20, 2013

Researcher: Charlie Eriksen

Mingle Forum <= 1.0.33.3 - Stored Cross-Site Scripting

7.2

CVE-2013-0734

Feb 20, 2013

Researcher: Charlie Eriksen

Smart Flv <= 1.0 - Cross-Site Scripting

6.1

CVE-2013-1765

Feb 19, 2013

Researcher: Henri Salo (fgeek)

Allure Real Estate Theme for Placester <= 0.1.1 - Cross-Site Scripting

6.1

CVE ID Unknown

Feb 19, 2013