WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
Database Collation Fix <= 1.2.7 - Cross-Site Request Forgery via admin_page
4.3
CVE-2023-23997
Apr 14, 2023
Researcher: Mika
WP Reroute Email <= 1.4.6 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2023-27605
Apr 14, 2023
Researcher: Mika
AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.4 - Reflected Cross-Site Scripting
6.1
CVE-2023-30754
Apr 14, 2023
Researcher: Prasanna V Balaji
Educenter <= 1.5.7 - Missing Authorization via activate_plugin
4.3
CVE-2023-30480
Apr 14, 2023
Researcher: Dave Jong
Easy Appointments <= 3.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-30748
Apr 14, 2023
Researcher: István Márton
Optima Express + MarketBoost IDX Plugin <= 7.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-30749
Apr 14, 2023
Researcher: yuyudhn
External Videos <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-30752
Apr 14, 2023
Researcher: Mahesh Nagabhairava
Booqable Rental Plugin <= 2.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-30746
Apr 14, 2023
Researcher: TEAM WEBoB of BoB 11th
Shortcodes by Angie Makes <= 3.46 - Missing Authorization
5.3
CVE-2023-23725
Apr 14, 2023
Researcher: István Márton
WP EasyPay <= 4.0.4 - Cross-Site Request Forgery
4.3
CVE-2022-47177
Apr 14, 2023
Researcher: Cat
Vimeotheque <= 2.2.1 - Reflected Cross-Site Scripting via 'view' and 'page'
6.1
CVE-2023-30498
Apr 14, 2023
Researcher: Ivy (TOOR, Lisa)
Custom Order Numbers for WooCommerce <= 1.4.0 - Cross-Site Request Forgery
5.4
CVE-2022-45367
Apr 14, 2023
Researcher: Muhammad Daffa
Article Directory Redux <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-30751
Apr 14, 2023
Researcher: Pavitra Tiwari
WP Roles at Registration <= 0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-27609
Apr 14, 2023
Researcher: Pavak Tiwari
Paytm Payment Donation <= 2.2.0 - Reflected Cross-Site Scripting
7.2
CVE-2023-28535
Apr 14, 2023
Researcher: qilin_99
ZM Ajax Login & Register <= 2.0.2 - Authentication Bypass
9.8
CVE-2023-2027
Apr 14, 2023
Researcher: István Márton
WP Reroute Email <= 1.4.6 - Cross-Site Request Forgery
4.3
CVE-2023-27606
Apr 14, 2023
Researcher: Mika
Electric Studio Client Login <= 0.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-27425
Apr 14, 2023
Researcher: Padavishree
Motor Racing League <= 1.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-27614
Apr 14, 2023
Researcher: Pavak Tiwari
Affiliate Links Lite <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-22696
Apr 14, 2023
Researcher: Justiice
Title CVE ID CVSS Researchers Date
Database Collation Fix <= 1.2.7 - Cross-Site Request Forgery via admin_page CVE-2023-23997 4.3 Mika April 14, 2023
WP Reroute Email <= 1.4.6 - Authenticated (Administrator+) SQL Injection CVE-2023-27605 7.2 Mika April 14, 2023
AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.4 - Reflected Cross-Site Scripting CVE-2023-30754 6.1 Prasanna V Balaji April 14, 2023
Educenter <= 1.5.7 - Missing Authorization via activate_plugin CVE-2023-30480 4.3 Dave Jong April 14, 2023
Easy Appointments <= 3.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-30748 4.4 István Márton April 14, 2023
Optima Express + MarketBoost IDX Plugin <= 7.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-30749 4.4 yuyudhn April 14, 2023
External Videos <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-30752 4.4 Mahesh Nagabhairava April 14, 2023
Booqable Rental Plugin <= 2.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-30746 4.4 TEAM WEBoB of BoB 11th April 14, 2023
Shortcodes by Angie Makes <= 3.46 - Missing Authorization CVE-2023-23725 5.3 István Márton April 14, 2023
WP EasyPay <= 4.0.4 - Cross-Site Request Forgery CVE-2022-47177 4.3 Cat April 14, 2023
Vimeotheque <= 2.2.1 - Reflected Cross-Site Scripting via 'view' and 'page' CVE-2023-30498 6.1 Ivy (TOOR, Lisa) April 14, 2023
Custom Order Numbers for WooCommerce <= 1.4.0 - Cross-Site Request Forgery CVE-2022-45367 5.4 Muhammad Daffa April 14, 2023
Article Directory Redux <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-30751 4.4 Pavitra Tiwari April 14, 2023
WP Roles at Registration <= 0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-27609 4.4 Pavak Tiwari April 14, 2023
Paytm Payment Donation <= 2.2.0 - Reflected Cross-Site Scripting CVE-2023-28535 7.2 qilin_99 April 14, 2023
ZM Ajax Login & Register <= 2.0.2 - Authentication Bypass CVE-2023-2027 9.8 István Márton April 14, 2023
WP Reroute Email <= 1.4.6 - Cross-Site Request Forgery CVE-2023-27606 4.3 Mika April 14, 2023
Electric Studio Client Login <= 0.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-27425 4.4 Padavishree April 14, 2023
Motor Racing League <= 1.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-27614 4.4 Pavak Tiwari April 14, 2023
Affiliate Links Lite <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-22696 6.4 Justiice April 14, 2023
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Aug 25, 2024
Vulns
1 Francesco Carlucci 23
2 stealthcopter 23
3 wesley (wcraft) 22
4 vgo0 19
5 Lucio Sá 17
6 Rafie Muhammad 11
7 Dave Jong 10
8 Ananda Dhakal 9
9 Krzysztof Zając 8
10 Marco Wotschka 7
11 Muhammad Daffa 6
12 Daniel Ruf 6
13 João Pedro Soares de Alcântara 5
14 Peter Thaleikis 5
15 Le Ngoc Anh 5
16 Fariq Fadillah Gusti Insani (fariqfgi) 5
17 Webbernaut 4
18 rezaduty 4
19 István Márton 4
20 LVT-tholv2k 4

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation