WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
Timetics <= 1.0.23 - Authorization Bypass
5.3
CVE-2024-43923
Aug 26, 2024
Researcher: Manab Jyoti Dowarah
Beaver Builder <= 2.8.3.2 - Reflected Cross-Site Scripting
6.1
CVE-2024-43926
Aug 26, 2024
Researcher: Rafie Muhammad
Responsive Lightbox <= 2.4.7 - Missing Authorization
5.3
CVE-2024-43924
Aug 26, 2024
Researcher: Rafie Muhammad
Esotera <= 1.2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-43952
Aug 26, 2024
Researcher: stealthcopter
WP Armour Extended <= 1.26 - Cross-Site Request Forgery
4.3
CVE-2024-43947
Aug 26, 2024
Researcher: Dave Jong
Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site Request Forgery
4.3
CVE-2024-8200
Aug 26, 2024
Researcher: Sajjad Ahmad (jack_sparrow)
WPMobile.App <= 11.48 - Reflected Cross-Site Scripting
6.1
CVE-2024-43933
Aug 26, 2024
Researcher: Muhammad Daffa
WP Testimonial Widget <= 3.1 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-43967
Aug 26, 2024
Researcher: Newman Hantouli
Animated Number Counters <= 1.9 - Authenticated (Editor+) Local File Inclusion
8.8
CVE-2024-43957
Aug 26, 2024
Researcher: João Pedro Soares de Alcântara
Droip <= 1.1.1 - Unauthenticated Arbitrary File Deletion
9.1
CVE-2024-43955
Aug 26, 2024
Researcher: Dave Jong
IntoTheDark <= 1.0.5 - Reflected Cross-Site Scripting
6.1
CVE-2024-43958
Aug 26, 2024
Researcher: akas wisnu aji
Zynith SEO <= 7.4.9 - Missing Authorization to Unauthenticated Settings Update
5.3
CVE-2024-43940
Aug 26, 2024
Researcher: Dave Jong
Envira Photo Gallery <= 1.8.14 - Missing Authorization
4.3
CVE-2024-43925
Aug 26, 2024
Researcher: Rafie Muhammad
Magic Post Thumbnail <= 5.2.9 - Reflected Cross-Site Scripting
6.1
CVE-2024-43921
Aug 26, 2024
Researcher: Le Ngoc Anh
Propovoice Pro <= 1.7.0.3 - Unauthenticated SQL Injection
10.0
CVE-2024-43941
Aug 26, 2024
Researcher: Dave Jong
WP Crowdfunding <= 2.1.10 - Missing Authorization to Authenticated (Subscriber+) to Enable/Disable Addons
5.3
CVE-2024-43937
Aug 26, 2024
Researcher: Trương Hữu Phúc (truonghuuphuc)
WP Testimonial Widget <= 3.1 - Authenticated (Admin+) SQL Injection
9.1
CVE-2024-43966
Aug 26, 2024
Researcher: Newman Hantouli
Testimonials <= 3.0.8 - Reflected Cross-Site Scripting
6.1
CVE-2024-43959
Aug 26, 2024
Researcher: Abdi Pranata
Gutenverse <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-43920
Aug 26, 2024
Researcher: João Pedro Soares de Alcântara
Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
4.3
CVE-2024-8199
Aug 26, 2024
Researcher: Sajjad Ahmad (jack_sparrow)
Title CVE ID CVSS Researchers Date
Timetics <= 1.0.23 - Authorization Bypass CVE-2024-43923 5.3 Manab Jyoti Dowarah August 26, 2024
Beaver Builder <= 2.8.3.2 - Reflected Cross-Site Scripting CVE-2024-43926 6.1 Rafie Muhammad August 26, 2024
Responsive Lightbox <= 2.4.7 - Missing Authorization CVE-2024-43924 5.3 Rafie Muhammad August 26, 2024
Esotera <= 1.2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-43952 6.4 stealthcopter August 26, 2024
WP Armour Extended <= 1.26 - Cross-Site Request Forgery CVE-2024-43947 4.3 Dave Jong August 26, 2024
Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site Request Forgery CVE-2024-8200 4.3 Sajjad Ahmad (jack_sparrow) August 26, 2024
WPMobile.App <= 11.48 - Reflected Cross-Site Scripting CVE-2024-43933 6.1 Muhammad Daffa August 26, 2024
WP Testimonial Widget <= 3.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-43967 4.4 Newman Hantouli August 26, 2024
Animated Number Counters <= 1.9 - Authenticated (Editor+) Local File Inclusion CVE-2024-43957 8.8 João Pedro Soares de Alcântara August 26, 2024
Droip <= 1.1.1 - Unauthenticated Arbitrary File Deletion CVE-2024-43955 9.1 Dave Jong August 26, 2024
IntoTheDark <= 1.0.5 - Reflected Cross-Site Scripting CVE-2024-43958 6.1 akas wisnu aji August 26, 2024
Zynith SEO <= 7.4.9 - Missing Authorization to Unauthenticated Settings Update CVE-2024-43940 5.3 Dave Jong August 26, 2024
Envira Photo Gallery <= 1.8.14 - Missing Authorization CVE-2024-43925 4.3 Rafie Muhammad August 26, 2024
Magic Post Thumbnail <= 5.2.9 - Reflected Cross-Site Scripting CVE-2024-43921 6.1 Le Ngoc Anh August 26, 2024
Propovoice Pro <= 1.7.0.3 - Unauthenticated SQL Injection CVE-2024-43941 10.0 Dave Jong August 26, 2024
WP Crowdfunding <= 2.1.10 - Missing Authorization to Authenticated (Subscriber+) to Enable/Disable Addons CVE-2024-43937 5.3 Trương Hữu Phúc (truonghuuphuc) August 26, 2024
WP Testimonial Widget <= 3.1 - Authenticated (Admin+) SQL Injection CVE-2024-43966 9.1 Newman Hantouli August 26, 2024
Testimonials <= 3.0.8 - Reflected Cross-Site Scripting CVE-2024-43959 6.1 Abdi Pranata August 26, 2024
Gutenverse <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-43920 6.4 João Pedro Soares de Alcântara August 26, 2024
Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update CVE-2024-8199 4.3 Sajjad Ahmad (jack_sparrow) August 26, 2024
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Aug 21, 2024
Vulns
1 stealthcopter 24
2 Francesco Carlucci 20
3 wesley (wcraft) 19
4 Lucio Sá 19
5 Daniel Ruf 16
6 vgo0 15
7 Rafie Muhammad 12
8 Dave Jong 11
9 Ananda Dhakal 9
10 Marco Wotschka 8
11 Muhammad Daffa 6
12 Krzysztof Zając 6
13 João Pedro Soares de Alcântara 5
14 Fariq Fadillah Gusti Insani (fariqfgi) 5
15 Webbernaut 5
16 Le Ngoc Anh 5
17 Bob Matyas 5
18 Peter Thaleikis 4
19 LVT-tholv2k 4
20 rezaduty 4

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation