WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
CoSchool LMS <= 1.2 - Missing Authorization to Privilege Escalation
9.8
CVE-2024-54296
Dec 11, 2024
Researcher: stealthcopter
Wp NssUser Register <= 1.0.0 - Unauthenticated Privilege Escalation
9.8
CVE-2024-54363
Dec 11, 2024
Researcher: ghsinfosec
CE21 Suite <= 2.2.0 - Unauthenticated Privilege Escalation
9.8
CVE-2024-54293
Dec 11, 2024
Researcher: stealthcopter
Projectopia <= 5.1.7 - Missing Authorization to Privilege Escalation via pto_reset_password()
9.8
CVE-2024-54336
Dec 11, 2024
Researcher: stealthcopter
Axeptio <= 2.5.4 - Unauthenticated Local File Inclusion
9.8
CVE-2024-54270
Dec 11, 2024
Researcher: h0j3n
Sogrid <= 1.5.6 - Unauthenticated Local File Inclusion
9.8
CVE-2024-54374
Dec 11, 2024
Researcher: tahu.datar
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation
9.8
CVE-2024-10124
Dec 11, 2024
Researcher: stealthcopter
ForumWP <= 2.1.0 - Unauthenticated PHP Object Injection
9.8
CVE-2024-54367
Dec 11, 2024
Researcher: Mika
Firebase OTP Authentication <= 1.0.1 - Missing Authorization to Privilege Escalation
9.8
CVE-2024-54294
Dec 11, 2024
Researcher: stealthcopter
WooCommerce PDF Vouchers < 4.9.9 - Authentication Bypass
9.8
CVE-2024-54383
Dec 11, 2024
Researcher: Bonds
WP Cookies Enabler <= 1.0.1 - Unauthenticated Local File Inclusion
9.8
CVE-2024-54380
Dec 11, 2024
Researcher: tahu.datar
Woffice <= 5.4.14 - Unauthenticated Privilege Escalation
9.8
CVE-2024-43234
Dec 10, 2024
Researcher: Rafie Muhammad
WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion
9.8
CVE-2024-12209
Dec 7, 2024
Researcher: Arkadiusz Hydzik
SV100 Companion <= 2.0.02 - Missing Authorization to Unuathenticated Arbitrary Options Update
9.8
CVE-2024-12155
Dec 5, 2024
Researcher: Lucio Sá
Sweet Date <= 3.7.3 - Unauthenticated Privilege Escalation
9.8
CVE-2024-43222
Dec 3, 2024
Researcher: luc
Pie Register Premium < 3.8.3.3 - Unauthenticated Arbitrary File Upload
9.8
CVE-2024-53822
Dec 2, 2024
Researcher: Ananda Dhakal
WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation
9.8
CVE-2024-11925
Nov 27, 2024
Researcher: Tonn
Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover
9.8
CVE-2024-11103
Nov 27, 2024
Researcher: shaman0x01
Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation
9.8
CVE-2024-10542
Nov 25, 2024
Researcher: mikemyers
AppPresser – Mobile App Framework <= 4.4.6 - Unauthenticated Privilege Escalation via Password Reset
9.8
CVE-2024-11024
Nov 25, 2024
Researcher: shaman0x01
Title CVE ID CVSS Researchers Date
CoSchool LMS <= 1.2 - Missing Authorization to Privilege Escalation CVE-2024-54296 9.8 stealthcopter December 11, 2024
Wp NssUser Register <= 1.0.0 - Unauthenticated Privilege Escalation CVE-2024-54363 9.8 ghsinfosec December 11, 2024
CE21 Suite <= 2.2.0 - Unauthenticated Privilege Escalation CVE-2024-54293 9.8 stealthcopter December 11, 2024
Projectopia <= 5.1.7 - Missing Authorization to Privilege Escalation via pto_reset_password() CVE-2024-54336 9.8 stealthcopter December 11, 2024
Axeptio <= 2.5.4 - Unauthenticated Local File Inclusion CVE-2024-54270 9.8 h0j3n December 11, 2024
Sogrid <= 1.5.6 - Unauthenticated Local File Inclusion CVE-2024-54374 9.8 tahu.datar December 11, 2024
Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation CVE-2024-10124 9.8 stealthcopter December 11, 2024
ForumWP <= 2.1.0 - Unauthenticated PHP Object Injection CVE-2024-54367 9.8 Mika December 11, 2024
Firebase OTP Authentication <= 1.0.1 - Missing Authorization to Privilege Escalation CVE-2024-54294 9.8 stealthcopter December 11, 2024
WooCommerce PDF Vouchers < 4.9.9 - Authentication Bypass CVE-2024-54383 9.8 Bonds December 11, 2024
WP Cookies Enabler <= 1.0.1 - Unauthenticated Local File Inclusion CVE-2024-54380 9.8 tahu.datar December 11, 2024
Woffice <= 5.4.14 - Unauthenticated Privilege Escalation CVE-2024-43234 9.8 Rafie Muhammad December 10, 2024
WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion CVE-2024-12209 9.8 Arkadiusz Hydzik December 7, 2024
SV100 Companion <= 2.0.02 - Missing Authorization to Unuathenticated Arbitrary Options Update CVE-2024-12155 9.8 Lucio Sá December 5, 2024
Sweet Date <= 3.7.3 - Unauthenticated Privilege Escalation CVE-2024-43222 9.8 luc December 3, 2024
Pie Register Premium < 3.8.3.3 - Unauthenticated Arbitrary File Upload CVE-2024-53822 9.8 Ananda Dhakal December 2, 2024
WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation CVE-2024-11925 9.8 Tonn November 27, 2024
Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover CVE-2024-11103 9.8 shaman0x01 November 27, 2024
Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation CVE-2024-10542 9.8 mikemyers November 25, 2024
AppPresser – Mobile App Framework <= 4.4.6 - Unauthenticated Privilege Escalation via Password Reset CVE-2024-11024 9.8 shaman0x01 November 25, 2024
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Dec 10, 2024
Vulns
1 SOPROBRO 103
2 vgo0 66
3 Mika 49
4 Peter Thaleikis 47
5 João Pedro Soares de Alcântara 45
6 Rafie Muhammad 33
7 Lucio Sá 25
8 zaim 25
9 Francesco Carlucci 22
10 stealthcopter 22
11 theviper17y 20
12 ardias 17
13 yudha 17
14 thiennv 16
15 zakaria 16
16 Tieu Pham Trong Nhan 14
17 Trương Hữu Phúc (truonghuuphuc) 13
18 Colin Xu 13
19 LVT-tholv2k 13
20 Gab 11

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation