Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

WordPress Vulnerability Database

Wordfence Intelligence > Vulnerability Database

WordPress Core

WordPress Plugins

WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability

Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4413

Mar 1, 2021

Researcher: Jerome Bruandet

Better Search <= 2.5.2 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4400

Mar 1, 2021

Researcher: Jerome Bruandet

Ninja Forms <= 3.4.34 - Authenticated OAuth Connection Key Disclosure

4.3

CVE-2021-24164

Feb 16, 2021

Researcher: Chloe Chamberland

WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change

4.3

CVE-2021-4371

Jan 12, 2021

Researcher: Jerome Bruandet

Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.2 - IDOR to Sensitive Information Disclosure

4.3

CVE ID Unknown

Jan 6, 2021

Researchers:

4.3

CVE ID Unknown

Nov 19, 2020

Researcher: Lenon Leite

WordPress Core < 5.5.2 - Cross-Site Request Forgery to Theme Image Change

4.3

CVE-2020-28040

Oct 29, 2020

Researcher: Erwan LR

WordPress Core < 5.5.2 - Spam Embed on Multisite Installations

4.3

CVE-2020-28033

Oct 29, 2020

Researcher: David Binovec

Customizr <= 4.3.0 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36755

Sep 26, 2020

Researcher: Jerome Bruandet

Ocean Extra <=1.6.5 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36760

Sep 26, 2020

Researcher: Jerome Bruandet

WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 1.5.15 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36736

Sep 26, 2020

Researcher: Jerome Bruandet

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36735

Sep 26, 2020

Researcher: Jerome Bruandet

Hueman <= 3.6.3 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36753

Sep 26, 2020

Researcher: Jerome Bruandet

Paid Memberships Pro <= 2.4.2 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36754

Sep 16, 2020

Researcher: Jerome Bruandet

Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36752

Sep 16, 2020

Researcher: Jerome Bruandet

Top 10 <= 2.9.4 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36761

Sep 16, 2020

Researcher: Jerome Bruandet

Feed Them Social – Page, Post, Video, and Photo Galleries <= 2.8.6 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36739

Sep 16, 2020

Researcher: Jerome Bruandet

Radio Buttons for Taxonomies <= 2.0.5 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36740

Sep 16, 2020

Researcher: Jerome Bruandet

Cool Timeline (Horizontal & Vertical Timeline) <= 2.0.2 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36738

Sep 16, 2020

Researcher: Jerome Bruandet

Import / Export Customizer Settings <= 1.0.3 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36737

Sep 16, 2020

Researcher: Jerome Bruandet

Title	CVE ID	CVSS	Researchers	Date
Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery Bypass	CVE-2021-4413	4.3	Jerome Bruandet	March 1, 2021
Better Search <= 2.5.2 - Cross-Site Request Forgery Bypass	CVE-2021-4400	4.3	Jerome Bruandet	March 1, 2021
Ninja Forms <= 3.4.34 - Authenticated OAuth Connection Key Disclosure	CVE-2021-24164	4.3	Chloe Chamberland	February 16, 2021
WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change	CVE-2021-4371	4.3	Jerome Bruandet	January 12, 2021
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.2 - IDOR to Sensitive Information Disclosure		4.3		January 6, 2021
Contextual Related Posts <= 2.9.3 - Cross-Site Request Forgery		4.3	Lenon Leite	November 19, 2020
WordPress Core < 5.5.2 - Cross-Site Request Forgery to Theme Image Change	CVE-2020-28040	4.3	Erwan LR	October 29, 2020
WordPress Core < 5.5.2 - Spam Embed on Multisite Installations	CVE-2020-28033	4.3	David Binovec	October 29, 2020
Customizr <= 4.3.0 - Cross-Site Request Forgery Bypass	CVE-2020-36755	4.3	Jerome Bruandet	September 26, 2020
Ocean Extra <=1.6.5 - Cross-Site Request Forgery Bypass	CVE-2020-36760	4.3	Jerome Bruandet	September 26, 2020
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 1.5.15 - Cross-Site Request Forgery Bypass	CVE-2020-36736	4.3	Jerome Bruandet	September 26, 2020
WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass	CVE-2020-36735	4.3	Jerome Bruandet	September 26, 2020
Hueman <= 3.6.3 - Cross-Site Request Forgery Bypass	CVE-2020-36753	4.3	Jerome Bruandet	September 26, 2020
Paid Memberships Pro <= 2.4.2 - Cross-Site Request Forgery Bypass	CVE-2020-36754	4.3	Jerome Bruandet	September 16, 2020
Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery Bypass	CVE-2020-36752	4.3	Jerome Bruandet	September 16, 2020
Top 10 <= 2.9.4 - Cross-Site Request Forgery Bypass	CVE-2020-36761	4.3	Jerome Bruandet	September 16, 2020
Feed Them Social – Page, Post, Video, and Photo Galleries <= 2.8.6 - Cross-Site Request Forgery Bypass	CVE-2020-36739	4.3	Jerome Bruandet	September 16, 2020
Radio Buttons for Taxonomies <= 2.0.5 - Cross-Site Request Forgery Bypass	CVE-2020-36740	4.3	Jerome Bruandet	September 16, 2020
Cool Timeline (Horizontal & Vertical Timeline) <= 2.0.2 - Cross-Site Request Forgery Bypass	CVE-2020-36738	4.3	Jerome Bruandet	September 16, 2020
Import / Export Customizer Settings <= 1.0.3 - Cross-Site Request Forgery Bypass	CVE-2020-36737	4.3	Jerome Bruandet	September 16, 2020

Submit Vulnerability

«
‹
1
2
...
1080
1081
1082
...
1092
1093
›
»

Researcher Hall of Fame (Past 30 days)

View All

Rank	Name	Vulnerabilities since Dec 9, 2024 Vulns
1	SOPROBRO	102
2	vgo0	62
3	Mika	49
4	Peter Thaleikis	47
5	João Pedro Soares de Alcântara	45
6	Rafie Muhammad	35
7	zaim	25
8	Lucio Sá	24
9	Francesco Carlucci	24
10	stealthcopter	22
11	theviper17y	20
12	ardias	17
13	yudha	17
14	thiennv	17
15	zakaria	15
16	Tieu Pham Trong Nhan	13
17	Trương Hữu Phúc (truonghuuphuc)	13
18	LVT-tholv2k	13
19	Colin Xu	12
20	Bonds	11

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation