WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
WP Category Post List Widget <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
6.4
CVE-2023-23828
May 11, 2023
Researcher: István Márton
Injection Guard <= 1.2.1 - Cross-Site Request Forgery via ig_update
4.3
CVE ID Unknown
May 11, 2023
Researchers:
WP-Chatbot for Messenger <= 4.7 - Missing Authorization
5.4
CVE-2023-32581
May 11, 2023
Researcher: István Márton
eBecas <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-32584
May 11, 2023
Researcher: Pavak Tiwari
Owl Carousel <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
6.4
CVE-2023-23829
May 11, 2023
Researcher: István Márton
Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting
6.1
CVE-2022-45366
May 11, 2023
Researcher: Rafie Muhammad
DevBuddy Twitter Feed <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-32577
May 11, 2023
Researcher: Rio Darmawan
WP Replicate Post <= 4.0.2 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2023-2237
May 10, 2023
Researcher: Marco Wotschka
AP Pricing Tables Lite <= 1.1.6 - Authenticated (Admin+) SQL Injection
7.2
CVE-2023-0900
May 10, 2023
Researchers: Simone Onofri, Donato Onofri
Order Your Posts Manually <= 2.2.5 - Reflected Cross-Site Scripting via '_user_request'
6.1
CVE-2023-32510
May 10, 2023
Researcher: minhtuanact
WP Chinese Conversion <= 1.1.16 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2023-32518
May 10, 2023
Researcher: thiennv
YITH WooCommerce Gift Cards Premium <= 3.23.1 - Missing Authorization
6.5
CVE-2022-44633
May 10, 2023
Researcher: Dave Jong
Link Whisper Free <= 0.6.3 - Missing Authorization via init()
5.3
CVE-2023-32506
May 10, 2023
Researcher: Nguyen Anh Tien
Injection Guard <= 1.2.1 - Cross-Site Request Forgery to Whitelist Update
4.3
CVE ID Unknown
May 10, 2023
Researcher: Darius Sveikauskas
SEO By 10Web <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-2224
May 10, 2023
Researcher: Taurus Omar
Brands for WooCommerce <= 3.7.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-23667
May 10, 2023
Researcher: István Márton
Woo Custom Emails <= 2.2 - Missing Authorization to Unauthenticated Settings Change
5.3
CVE-2023-32507
May 10, 2023
Researcher: minhtuanact
GiveWP <= 2.25.3 - Authenticated (Admin+) PHP Object Injection
6.6
CVE-2023-32513
May 10, 2023
Researcher: Rafie Muhammad
Order Your Posts Manually <= 2.2.5 - Authenticated (Administrator+) SQL Injection via 'sortdata'
7.2
CVE-2023-32508
May 10, 2023
Researcher: minhtuanact
Google Analytics by Monster Insights <= 8.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2023-23999
May 10, 2023
Researcher: Rafie Muhammad
Title CVE ID CVSS Researchers Date
WP Category Post List Widget <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2023-23828 6.4 István Márton May 11, 2023
Injection Guard <= 1.2.1 - Cross-Site Request Forgery via ig_update 4.3 May 11, 2023
WP-Chatbot for Messenger <= 4.7 - Missing Authorization CVE-2023-32581 5.4 István Márton May 11, 2023
eBecas <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-32584 4.4 Pavak Tiwari May 11, 2023
Owl Carousel <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2023-23829 6.4 István Márton May 11, 2023
Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting CVE-2022-45366 6.1 Rafie Muhammad May 11, 2023
DevBuddy Twitter Feed <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-32577 4.4 Rio Darmawan May 11, 2023
WP Replicate Post <= 4.0.2 - Authenticated (Contributor+) SQL Injection CVE-2023-2237 8.8 Marco Wotschka May 10, 2023
AP Pricing Tables Lite <= 1.1.6 - Authenticated (Admin+) SQL Injection CVE-2023-0900 7.2 Simone Onofri, Donato Onofri May 10, 2023
Order Your Posts Manually <= 2.2.5 - Reflected Cross-Site Scripting via '_user_request' CVE-2023-32510 6.1 minhtuanact May 10, 2023
WP Chinese Conversion <= 1.1.16 - Unauthenticated Stored Cross-Site Scripting CVE-2023-32518 7.2 thiennv May 10, 2023
YITH WooCommerce Gift Cards Premium <= 3.23.1 - Missing Authorization CVE-2022-44633 6.5 Dave Jong May 10, 2023
Link Whisper Free <= 0.6.3 - Missing Authorization via init() CVE-2023-32506 5.3 Nguyen Anh Tien May 10, 2023
Injection Guard <= 1.2.1 - Cross-Site Request Forgery to Whitelist Update 4.3 Darius Sveikauskas May 10, 2023
SEO By 10Web <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-2224 4.4 Taurus Omar May 10, 2023
Brands for WooCommerce <= 3.7.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-23667 6.4 István Márton May 10, 2023
Woo Custom Emails <= 2.2 - Missing Authorization to Unauthenticated Settings Change CVE-2023-32507 5.3 minhtuanact May 10, 2023
GiveWP <= 2.25.3 - Authenticated (Admin+) PHP Object Injection CVE-2023-32513 6.6 Rafie Muhammad May 10, 2023
Order Your Posts Manually <= 2.2.5 - Authenticated (Administrator+) SQL Injection via 'sortdata' CVE-2023-32508 7.2 minhtuanact May 10, 2023
Google Analytics by Monster Insights <= 8.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-23999 6.4 Rafie Muhammad May 10, 2023
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Aug 23, 2024
Vulns
1 stealthcopter 23
2 wesley (wcraft) 19
3 Francesco Carlucci 18
4 vgo0 15
5 Lucio Sá 14
6 Rafie Muhammad 11
7 Dave Jong 10
8 Ananda Dhakal 9
9 Marco Wotschka 7
10 Daniel Ruf 6
11 Krzysztof Zając 6
12 Muhammad Daffa 6
13 João Pedro Soares de Alcântara 5
14 Fariq Fadillah Gusti Insani (fariqfgi) 5
15 Le Ngoc Anh 5
16 István Márton 4
17 Peter Thaleikis 4
18 LVT-tholv2k 4
19 Webbernaut 4
20 rezaduty 4

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation