WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action
9.8
CVE-2023-2278
May 26, 2023
Researcher: István Márton
SlideOnline <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2023-0489
May 26, 2023
Researcher: István Márton
QueryWall <= 1.1.1 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2023-2492
May 26, 2023
Researcher: Chien Vuong
Google Map Shortcode <= 3.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
6.4
CVE-2023-2899
May 25, 2023
Researcher: István Márton
Video Contest WordPress Plugin <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2022-45827
May 25, 2023
Researcher: Cat
WooCommerce Product Categories Selection Widget <= 2.0 - Reflected Cross-Site Scripting
6.1
CVE-2023-33925
May 25, 2023
Researcher: Nguyen Xuan Chien
IP Metaboxes <= 2.1.1 - Unauthenticated Stored Cross-Site Scripting
5.4
CVE-2023-30745
May 25, 2023
Researcher: WON JOON HWANG
File Renaming on Upload <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-2684
May 25, 2023
Researchers: Hao Huynh, My Le
Video Contest WordPress Plugin <= 3.2 - Cross-Site Request Forgery
4.3
CVE-2022-45823
May 25, 2023
Researcher: Cat
This Day In History <= 3.10.1 - Reflected Cross-Site Scripting
6.1
CVE-2023-34026
May 25, 2023
Researcher: LEE SE HYOUNG
Recently Viewed Products <= 1.0.0 - Unauthenticated PHP Object Injection
9.8
CVE-2023-34027
May 25, 2023
Researcher: Mika
Product Gallery Slider for WooCommerce <= 2.2.8 - Cross-Site Request Forgery
4.3
CVE-2022-45372
May 25, 2023
Researcher: Muhammad Daffa
Button Generator – easily Button Builder <= 2.3.5 - Cross-Site Request Forgery in tools-data-base.php
5.3
CVE-2023-25443
May 25, 2023
Researcher: Rio Darmawan
AI ChatBot <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-2811
May 25, 2023
Researcher: NGO VAN TU
Custom Twitter Feeds (Tweets Widget) <= 1.8.4 - Cross-Site Request Forgery
4.3
CVE-2022-33974
May 25, 2023
Researcher: Muhammad Daffa
SKU Label Changer For WooCommerce <= 3.0 - Missing Authorization
5.3
CVE-2023-29174
May 25, 2023
Researcher: Yuki Haruma
User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch
6.6
CVE-2023-2761
May 25, 2023
Researchers: Ilyase Dehy, Aymane Mazguiti
IP Metaboxes <= 2.1.1 - Reflected Cross-Site Scripting
6.1
CVE-2023-30753
May 25, 2023
Researcher: WON JOON HWANG
Upload Resume <= 1.2.0 - Captcha Bypass via resume_upload_form
5.3
CVE-2023-2751
May 24, 2023
Researcher: Yakshita Sharma
WooCommerce Product Vendors <= 2.1.76 - Authenticated (Vendor admin+) SQL Injection
7.2
CVE-2023-33331
May 24, 2023
Researcher: Rafie Muhammad
Title CVE ID CVSS Researchers Date
WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action CVE-2023-2278 9.8 István Márton May 26, 2023
SlideOnline <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-0489 6.4 István Márton May 26, 2023
QueryWall <= 1.1.1 - Authenticated (Administrator+) SQL Injection CVE-2023-2492 7.2 Chien Vuong May 26, 2023
Google Map Shortcode <= 3.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode CVE-2023-2899 6.4 István Márton May 25, 2023
Video Contest WordPress Plugin <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-45827 4.4 Cat May 25, 2023
WooCommerce Product Categories Selection Widget <= 2.0 - Reflected Cross-Site Scripting CVE-2023-33925 6.1 Nguyen Xuan Chien May 25, 2023
IP Metaboxes <= 2.1.1 - Unauthenticated Stored Cross-Site Scripting CVE-2023-30745 5.4 WON JOON HWANG May 25, 2023
File Renaming on Upload <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-2684 4.4 Hao Huynh, My Le May 25, 2023
Video Contest WordPress Plugin <= 3.2 - Cross-Site Request Forgery CVE-2022-45823 4.3 Cat May 25, 2023
This Day In History <= 3.10.1 - Reflected Cross-Site Scripting CVE-2023-34026 6.1 LEE SE HYOUNG May 25, 2023
Recently Viewed Products <= 1.0.0 - Unauthenticated PHP Object Injection CVE-2023-34027 9.8 Mika May 25, 2023
Product Gallery Slider for WooCommerce <= 2.2.8 - Cross-Site Request Forgery CVE-2022-45372 4.3 Muhammad Daffa May 25, 2023
Button Generator – easily Button Builder <= 2.3.5 - Cross-Site Request Forgery in tools-data-base.php CVE-2023-25443 5.3 Rio Darmawan May 25, 2023
AI ChatBot <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-2811 4.4 NGO VAN TU May 25, 2023
Custom Twitter Feeds (Tweets Widget) <= 1.8.4 - Cross-Site Request Forgery CVE-2022-33974 4.3 Muhammad Daffa May 25, 2023
SKU Label Changer For WooCommerce <= 3.0 - Missing Authorization CVE-2023-29174 5.3 Yuki Haruma May 25, 2023
User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch CVE-2023-2761 6.6 Ilyase Dehy, Aymane Mazguiti May 25, 2023
IP Metaboxes <= 2.1.1 - Reflected Cross-Site Scripting CVE-2023-30753 6.1 WON JOON HWANG May 25, 2023
Upload Resume <= 1.2.0 - Captcha Bypass via resume_upload_form CVE-2023-2751 5.3 Yakshita Sharma May 24, 2023
WooCommerce Product Vendors <= 2.1.76 - Authenticated (Vendor admin+) SQL Injection CVE-2023-33331 7.2 Rafie Muhammad May 24, 2023
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Aug 22, 2024
Vulns
1 stealthcopter 24
2 Francesco Carlucci 20
3 wesley (wcraft) 19
4 Lucio Sá 17
5 vgo0 15
6 Rafie Muhammad 11
7 Dave Jong 10
8 Ananda Dhakal 9
9 Marco Wotschka 8
10 Daniel Ruf 7
11 Muhammad Daffa 6
12 Krzysztof Zając 6
13 João Pedro Soares de Alcântara 5
14 Fariq Fadillah Gusti Insani (fariqfgi) 5
15 Le Ngoc Anh 5
16 Peter Thaleikis 4
17 LVT-tholv2k 4
18 Webbernaut 4
19 István Márton 4
20 rezaduty 4

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation