🦸 Calling all superheroes! Introducing the WordPress Superhero Challenge for the Wordfence Bug Bounty Program: Earn up to $31,200 for High Impact Vulnerabilities! Through October 14th, 2024, all vulnerabilities reported in plugins or themes with >= 5,000,000 active installs will be 3x our highest bounty rewards making our top reward $31,200. Check out the updated bounties here!

WordPress Vulnerability Database

Wordfence Intelligence > Vulnerability Database

WordPress Core

WordPress Plugins

WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title

Searches through the title of each vulnerability for matches.

date

Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.

cvss-rating

Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.

researcher

Returns vulnerabilities credited to researchers containing the given text.

software

Returns vulnerabilities discovered in software containing the given text.

software-slug

Returns vulnerabilities discovered in software exactly matching the given slug.

software-type

Use plugin, theme or core to limit the search to the specified type of software.

By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability

WP Super Cache < 1.3.2 - Remote Code Execution

9.8

CVE-2013-2011

Aug 1, 2014

Researcher: Kurt Seifried (Red Hat SRT)

WHOIS <= 1.4.2.2 - Reflected Cross Site Scripting

6.1

CVE-2011-5194

Aug 1, 2014

Researcher: Atmon3r

WP Super Cache <= 1.2 - Remote Code Execution

8.8

CVE-2013-2009

Aug 1, 2014

Researcher: Kurt Seifried (Red Hat SRT)

WordPress Automatic Plugin <= 2.0.3 - Cross-Site Request Forgery to SQL Injection

9.8

CVE ID Unknown

Aug 1, 2014

Researcher: NICK58

Simple History <= 1.0.7 - Sensitive Information Disclosure

5.3

CVE ID Unknown

Aug 1, 2014

Researchers:

Better WP Security <= 3.6.3 - Stored Cross-Site Scripting

6.4

CVE ID Unknown

Aug 1, 2014

Researcher: Yashar Shahinzadeh

Calendar <= 1.3.2 - Cross-Site Request Forgery

4.3

CVE-2013-2698

Aug 1, 2014

Researcher: Charlie Eriksen

WP HTML Sitemap <= 1.2 - Cross-Site Request Forgery

6.5

CVE-2014-2675

Aug 1, 2014

Researcher: Tom Adams

Portable phpMyAdmin <= 1.3.0 - Authentication Bypass

7.3

CVE-2012-5469

Aug 1, 2014

Researcher: Mark Stanislav

All in One SEO <= 2.0.3 - Cross-Site Scripting via Search Parameter

6.1

CVE-2013-5988

Aug 1, 2014

Researchers: Charlie Briggs, Richard Clifford

Really Simple Facebook Twitter Share Buttons < 2.10.5 - Cross-Site Request Forgery

6.3

CVE ID Unknown

Aug 1, 2014

Researchers:

WPtouch <= 3.4.2 - Arbitrary File Upload

9.9

CVE ID Unknown

Aug 1, 2014

Researcher: Marc-Alexandre Montpas

Mingle Forum <= 1.0.32.1 - SQL Injection

8.8

CVE-2012-5328

Aug 1, 2014

Researcher: Gianluca Brindisi

Booking Calendar < 4.1.6 - Cross-Site Request Forgery

4.3

CVE ID Unknown

Aug 1, 2014

Researcher: Dylan Irzi

HK Exif Tags <= 1.11 - Cross-Site Scripting

6.1

CVE-2014-100007

Aug 1, 2014

Researchers:

Adminimize < 1.7.22 - Cross-Site Scripting

5.3

CVE-2011-5128

Aug 1, 2014

Researcher: Am!r

WP Construction Mode <= 1.8 - Cross-Site Scripting

6.1

CVE-2014-4854

Aug 1, 2014

Researcher: ACC3SS

Uploader <= 1.0.4 - Multiple Cross-Site Scripting

6.1

CVE-2013-2287

Aug 1, 2014

Researchers:

WP Post to PDF <= 2.3.1 - Cross-Site Scripting

6.1

CVE ID Unknown

Aug 1, 2014

Researcher: HauntIT

SlideDeck 2 <= 2.3.3 - Local/Remote File Inclusion

9.8

CVE-2013-7483

Aug 1, 2014

Researchers:

Title	CVE ID	CVSS	Researchers	Date
WP Super Cache < 1.3.2 - Remote Code Execution	CVE-2013-2011	9.8	Kurt Seifried (Red Hat SRT)	August 1, 2014
WHOIS <= 1.4.2.2 - Reflected Cross Site Scripting	CVE-2011-5194	6.1	Atmon3r	August 1, 2014
WP Super Cache <= 1.2 - Remote Code Execution	CVE-2013-2009	8.8	Kurt Seifried (Red Hat SRT)	August 1, 2014
WordPress Automatic Plugin <= 2.0.3 - Cross-Site Request Forgery to SQL Injection		9.8	NICK58	August 1, 2014
Simple History <= 1.0.7 - Sensitive Information Disclosure		5.3		August 1, 2014
Better WP Security <= 3.6.3 - Stored Cross-Site Scripting		6.4	Yashar Shahinzadeh	August 1, 2014
Calendar <= 1.3.2 - Cross-Site Request Forgery	CVE-2013-2698	4.3	Charlie Eriksen	August 1, 2014
WP HTML Sitemap <= 1.2 - Cross-Site Request Forgery	CVE-2014-2675	6.5	Tom Adams	August 1, 2014
Portable phpMyAdmin <= 1.3.0 - Authentication Bypass	CVE-2012-5469	7.3	Mark Stanislav	August 1, 2014
All in One SEO <= 2.0.3 - Cross-Site Scripting via Search Parameter	CVE-2013-5988	6.1	Charlie Briggs, Richard Clifford	August 1, 2014
Really Simple Facebook Twitter Share Buttons < 2.10.5 - Cross-Site Request Forgery		6.3		August 1, 2014
WPtouch <= 3.4.2 - Arbitrary File Upload		9.9	Marc-Alexandre Montpas	August 1, 2014
Mingle Forum <= 1.0.32.1 - SQL Injection	CVE-2012-5328	8.8	Gianluca Brindisi	August 1, 2014
Booking Calendar < 4.1.6 - Cross-Site Request Forgery		4.3	Dylan Irzi	August 1, 2014
HK Exif Tags <= 1.11 - Cross-Site Scripting	CVE-2014-100007	6.1		August 1, 2014
Adminimize < 1.7.22 - Cross-Site Scripting	CVE-2011-5128	5.3	Am!r	August 1, 2014
WP Construction Mode <= 1.8 - Cross-Site Scripting	CVE-2014-4854	6.1	ACC3SS	August 1, 2014
Uploader <= 1.0.4 - Multiple Cross-Site Scripting	CVE-2013-2287	6.1		August 1, 2014
WP Post to PDF <= 2.3.1 - Cross-Site Scripting		6.1	HauntIT	August 1, 2014
SlideDeck 2 <= 2.3.3 - Local/Remote File Inclusion	CVE-2013-7483	9.8		August 1, 2014

Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All

Rank	Name	Vulnerabilities since Aug 22, 2024 Vulns
1	stealthcopter	24
2	Francesco Carlucci	20
3	wesley (wcraft)	19
4	Lucio Sá	17
5	vgo0	15
6	Rafie Muhammad	11
7	Dave Jong	10
8	Ananda Dhakal	9
9	Marco Wotschka	8
10	Daniel Ruf	7
11	Muhammad Daffa	6
12	Krzysztof Zając	6
13	João Pedro Soares de Alcântara	5
14	Fariq Fadillah Gusti Insani (fariqfgi)	5
15	Le Ngoc Anh	5
16	Peter Thaleikis	4
17	LVT-tholv2k	4
18	Webbernaut	4
19	István Márton	4
20	rezaduty	4

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation