WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'deleteCssAndJsCacheToolbar'
4.3
CVE-2023-1931
Apr 6, 2023
Researcher: Marco Wotschka
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar'
4.3
CVE-2023-1926
Apr 6, 2023
Researcher: Marco Wotschka
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_clear_cache_of_allsites_callback'
4.3
CVE-2023-1930
Apr 6, 2023
Researcher: Marco Wotschka
qTranslate X Cleanup and WPML Import <= 3.0.1 - Missing Authorization via clean_ajx
4.3
CVE-2023-29431
Apr 6, 2023
Researcher: István Márton
tencentcloud-cos <= 1.0.7 - Missing Authorization via AJAX actions
4.3
CVE-2023-29433
Apr 6, 2023
Researcher: Mika
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_clear_cache_of_allsites_callback'
4.3
CVE-2023-1925
Apr 6, 2023
Researcher: Marco Wotschka
Dynamics 365 Integration <= 1.3.13 - Missing Authorization via init
4.3
CVE-2023-29422
Apr 6, 2023
Researcher: minhtuanact
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback'
4.3
CVE-2023-1919
Apr 6, 2023
Researcher: Marco Wotschka
PHP Compatibility Checker <= 1.5.2 - Cross-Site Request Forgery
4.3
CVE-2023-24421
Apr 6, 2023
Researcher: Mika
qTranslate X Cleanup and WPML Import <= 3.0.1 - Cross-Site Request Forgery via clean_ajx
4.3
CVE-2023-29431
Apr 6, 2023
Researcher: István Márton
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_remove_cdn_integration_ajax_request_callback'
4.3
CVE-2023-1923
Apr 6, 2023
Researcher: Marco Wotschka
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_preload_single_callback'
4.3
CVE-2023-1928
Apr 6, 2023
Researcher: Marco Wotschka
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCssAndJsCacheToolbar'
4.3
CVE-2023-1927
Apr 6, 2023
Researcher: Marco Wotschka
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_callback'
4.3
CVE-2023-1918
Apr 6, 2023
Researcher: Marco Wotschka
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback'
4.3
CVE-2023-1929
Apr 6, 2023
Researcher: Marco Wotschka
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_start_cdn_integration_ajax_request_callback'
4.3
CVE-2023-1921
Apr 6, 2023
Researcher: Marco Wotschka
YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update
4.3
CVE-2023-1870
Apr 5, 2023
Researcher: Marco Wotschka
Product Feed PRO for WooCommerce <= 12.4.4 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Apr 5, 2023
Researchers:
Comment Reply Notification <= 1.4 - Cross-Site Request Forgery
4.3
CVE-2023-25051
Apr 4, 2023
Researcher: Mika
MasterStudy LMS WordPress Plugin <= 2.9.34 - Missing Authorization via wp_ajax_stm_wpcfto_get_settings
4.3
CVE ID Unknown
Apr 3, 2023
Researchers:
Title CVE ID CVSS Researchers Date
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'deleteCssAndJsCacheToolbar' CVE-2023-1931 4.3 Marco Wotschka April 6, 2023
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar' CVE-2023-1926 4.3 Marco Wotschka April 6, 2023
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_clear_cache_of_allsites_callback' CVE-2023-1930 4.3 Marco Wotschka April 6, 2023
qTranslate X Cleanup and WPML Import <= 3.0.1 - Missing Authorization via clean_ajx CVE-2023-29431 4.3 István Márton April 6, 2023
tencentcloud-cos <= 1.0.7 - Missing Authorization via AJAX actions CVE-2023-29433 4.3 Mika April 6, 2023
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_clear_cache_of_allsites_callback' CVE-2023-1925 4.3 Marco Wotschka April 6, 2023
Dynamics 365 Integration <= 1.3.13 - Missing Authorization via init CVE-2023-29422 4.3 minhtuanact April 6, 2023
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback' CVE-2023-1919 4.3 Marco Wotschka April 6, 2023
PHP Compatibility Checker <= 1.5.2 - Cross-Site Request Forgery CVE-2023-24421 4.3 Mika April 6, 2023
qTranslate X Cleanup and WPML Import <= 3.0.1 - Cross-Site Request Forgery via clean_ajx CVE-2023-29431 4.3 István Márton April 6, 2023
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_remove_cdn_integration_ajax_request_callback' CVE-2023-1923 4.3 Marco Wotschka April 6, 2023
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_preload_single_callback' CVE-2023-1928 4.3 Marco Wotschka April 6, 2023
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCssAndJsCacheToolbar' CVE-2023-1927 4.3 Marco Wotschka April 6, 2023
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_callback' CVE-2023-1918 4.3 Marco Wotschka April 6, 2023
WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback' CVE-2023-1929 4.3 Marco Wotschka April 6, 2023
WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_start_cdn_integration_ajax_request_callback' CVE-2023-1921 4.3 Marco Wotschka April 6, 2023
YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update CVE-2023-1870 4.3 Marco Wotschka April 5, 2023
Product Feed PRO for WooCommerce <= 12.4.4 - Cross-Site Request Forgery 4.3 April 5, 2023
Comment Reply Notification <= 1.4 - Cross-Site Request Forgery CVE-2023-25051 4.3 Mika April 4, 2023
MasterStudy LMS WordPress Plugin <= 2.9.34 - Missing Authorization via wp_ajax_stm_wpcfto_get_settings 4.3 April 3, 2023
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Dec 2, 2024
Vulns
1 SOPROBRO 83
2 vgo0 53
3 Peter Thaleikis 48
4 Francesco Carlucci 30
5 Mika 29
6 João Pedro Soares de Alcântara 24
7 zaim 20
8 stealthcopter 20
9 Arkadiusz Hydzik 14
10 thiennv 14
11 theviper17y 14
12 Colin Xu 14
13 yudha 13
14 zakaria 13
15 Tieu Pham Trong Nhan 12
16 ardias 12
17 Lucio Sá 11
18 Gab 10
19 LVT-tholv2k 9
20 mikemyers 9

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation