WordPress Vulnerability Database

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or researcher name.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title: Searches through the title of each vulnerability for matches.
date: Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating: Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher: Returns vulnerabilities credited to researchers containing the given text.
software: Returns vulnerabilities discovered in software containing the given text.
software-slug: Returns vulnerabilities discovered in software exactly matching the given slug.
software-type: Use plugin, theme or core to limit the search to the specified type of software.

All Vulnerabilities

| Title | CVE ID | CVSS | Researchers | Date |
|---|---|---|---|---|
| bbPress <= 2.6.4 - Unauthenticated Privilege Escalation | CVE-2020-13693 | 9.8 | hoangkien1020 | May 28, 2020 |
| MailerLite Signup Forms < 1.4.4 - Unauthenticated SQL Injection | | 9.8 | Patchstack | May 22, 2020 |
| Photo Gallery by 10Web <= 1.5.54 - SQL Injection via bwg_search_x Parameter | CVE-2021-24139 | 9.8 | Nguyen Anh Tien | May 15, 2020 |
| Chop Slider 3 <= 3.4 - Unauthenticated SQL Injection | CVE-2020-11530 | 9.8 | Callum Murphy | May 9, 2020 |
| TS Poll – Best Poll Plugin for WordPress <1.3.4 - Missing Authorization | CVE-2020-11673 | 9.8 | | April 13, 2020 |
| OneTone <= 3.0.6 & OneTone Companion <= 1.1.1 - Unauthenticated Settings Update | CVE-2019-17230 | 9.8 | Jerome Bruandet | April 3, 2020 |
| LearnDash <= 3.1.5 - Unauthenticated SQL Injection | CVE-2020-6009 | 9.8 | | April 1, 2020 |
| Login by Auth0 <= 3.11.3 - CSV Injection | CVE-2020-7947 | 9.8 | | April 1, 2020 |
| LifterLMS Wordpress Plugin <= 3.37.14 - Arbitrary File Write | CVE-2020-6008 | 9.8 | Omri Herscovici (Check Point Research), Sagi Tzadik (Check Point Research) | March 31, 2020 |
| Custom Searchable Data Entry System <= 1.7.1 - SQL Injection | CVE-2020-10817 | 9.8 | | March 27, 2020 |
| Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint | CVE-2020-11514 | 9.8 | Ram | March 25, 2020 |
| Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload | CVE-2022-0888 | 9.8 | Muhammad Zeeshan (Xib3rR4dAr) | March 20, 2020 |
| WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution | CVE-2020-10564 | 9.8 | riccardo krauter (p4w) | March 13, 2020 |
| Search Meter <= 2.13.2 - Remote Code Execution | CVE-2020-11548 | 9.8 | Daniel Monzón | March 11, 2020 |
| MStore API <= 2.1.5 - Authentication Bypass | CVE-2020-36713 | 9.8 | Jerome Bruandet | March 11, 2020 |
| ThemeREX Addons (Various Versions) - Missing Authorization | CVE-2020-10257 | 9.8 | Chloe Chamberland | March 9, 2020 |
| WordPress WP-Advanced-Search <= 3.3.3 - Remote Code Execution | | 9.8 | Florian Hauser | March 5, 2020 |
| wpCentral <= 1.5.0 - Improper Access Control to Privilege Escalation | CVE-2020-9043 | 9.8 | Chloe Chamberland | February 17, 2020 |
| Popup Builder 2.2.8 - 2.6.7.6 - PHP Object Injection | CVE-2020-9006 | 9.8 | Zeroauth | February 16, 2020 |
| Profile Builder <= 3.1.0 - Privilege Escalation | | 9.8 | Mikey Veenstra | February 13, 2020 |

Researcher Hall of Fame (Past 30 days)

| Rank | Name | Vulnerabilities since Oct 27, 2024 |
|---|---|---|
| 1 | SOPROBRO | 214 |
| 2 | Francesco Carlucci | 61 |
| 3 | Peter Thaleikis | 54 |
| 4 | Gab | 43 |
| 5 | vgo0 | 40 |
| 6 | João Pedro Soares de Alcântara | 40 |
| 7 | stealthcopter | 39 |
| 8 | LVT-tholv2k | 23 |
| 9 | Tonn | 17 |
| 10 | Mika | 16 |
| 11 | István Márton | 15 |
| 12 | Arkadiusz Hydzik | 14 |
| 13 | zer0gh0st | 12 |
| 14 | theviper17y | 10 |
| 15 | Trương Hữu Phúc (truonghuuphuc) | 9 |
| 16 | wesley (wcraft) | 9 |
| 17 | Tieu Pham Trong Nhan | 9 |
| 18 | Colin Xu | 8 |
| 19 | Ankit Patel | 8 |
| 20 | Joshua Chan | 8 |

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.
