WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
Video Gallery & Management <= 3.3.5 - Cross-Site Request Forgery
4.3
CVE-2023-40558
Aug 16, 2023
Researcher: thiennv
Schedule Posts Calendar <= 5.2 - Cross-Site Request Forgery
4.3
CVE-2023-40556
Aug 16, 2023
Researcher: Nguyen Xuan Chien
WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View
4.3
CVE-2023-4374
Aug 15, 2023
Researcher: István Márton
Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'send_resync_request'
4.3
CVE-2023-40326
Aug 15, 2023
Researcher: David
Products Quick View for WooCommerce <= 2.2.0 - Missing Authorization
4.3
CVE ID Unknown
Aug 14, 2023
Researchers:
Make Paths Relative <= 1.3.0 - Cross-Site Request Forgery via 'admin/class-make-paths-relative-admin.php'
4.3
CVE-2023-27433
Aug 14, 2023
Researcher: Mika
JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization
4.3
CVE-2023-38394
Aug 13, 2023
Researcher: Rafie Muhammad
Easy Cookie Law <= 3.1 - Cross-Site Request Forgery via 'ecl_options'
4.3
CVE-2023-40198
Aug 11, 2023
Researcher: Abdi Pranata
WP Like Button <= 1.6.11 - Cross-Site Request Forgery via 'saveData'
4.3
CVE-2023-40199
Aug 11, 2023
Researcher: Abdi Pranata
Portfolio and Projects <= 1.3.7 - Cross-Site Request Forgery via 'wpos_anylc_admin_init_process'
4.3
CVE-2023-39995
Aug 11, 2023
Researcher: Cat
WP Pipes <= 1.4.0 - Cross-Site Request Forgery to Settings Update
4.3
CVE-2023-40009
Aug 11, 2023
Researcher: Nguyen Xuan Chien
Futurio Extra <= 1.9.0 - Cross-Site Request Forgery
4.3
CVE-2023-40201
Aug 11, 2023
Researcher: István Márton
WooCommerce Product Attachment <= 2.1.8 - Cross-Site Request Forgery
4.3
CVE-2023-40212
Aug 11, 2023
Researcher: Mika
Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference
4.3
CVE-2023-49765
Aug 11, 2023
Researcher: RE-ALTER
WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save
4.3
CVE-2023-3764
Aug 11, 2023
Researcher: Marco Wotschka
SB Child List <= 4.5 - Cross-Site Request Forgery via 'sb_cl_update_settings'
4.3
CVE-2023-40210
Aug 11, 2023
Researcher: Skalucy
Futurio Extra <= 1.8.2 - Cross-Site Request Forgery via 'futurio_extra_reset_mod'
4.3
CVE-2023-40201
Aug 11, 2023
Researcher: István Márton
WP HTML Mail <= 3.4.0 - Cross-Site Request Forgery via 'send_test'
4.3
CVE-2023-40202
Aug 11, 2023
Researcher: István Márton
Printful Integration for WooCommerce <= 2.2.2 - Cross-Site Request Forgery
4.3
CVE-2022-47168
Aug 11, 2023
Researcher: István Márton
Avada <= 7.11.1 - Missing Authorization
4.3
CVE-2023-39922
Aug 10, 2023
Researcher: Rafie Muhammad
Title CVE ID CVSS Researchers Date
Video Gallery & Management <= 3.3.5 - Cross-Site Request Forgery CVE-2023-40558 4.3 thiennv August 16, 2023
Schedule Posts Calendar <= 5.2 - Cross-Site Request Forgery CVE-2023-40556 4.3 Nguyen Xuan Chien August 16, 2023
WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View CVE-2023-4374 4.3 István Márton August 15, 2023
Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'send_resync_request' CVE-2023-40326 4.3 David August 15, 2023
Products Quick View for WooCommerce <= 2.2.0 - Missing Authorization 4.3 August 14, 2023
Make Paths Relative <= 1.3.0 - Cross-Site Request Forgery via 'admin/class-make-paths-relative-admin.php' CVE-2023-27433 4.3 Mika August 14, 2023
JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization CVE-2023-38394 4.3 Rafie Muhammad August 13, 2023
Easy Cookie Law <= 3.1 - Cross-Site Request Forgery via 'ecl_options' CVE-2023-40198 4.3 Abdi Pranata August 11, 2023
WP Like Button <= 1.6.11 - Cross-Site Request Forgery via 'saveData' CVE-2023-40199 4.3 Abdi Pranata August 11, 2023
Portfolio and Projects <= 1.3.7 - Cross-Site Request Forgery via 'wpos_anylc_admin_init_process' CVE-2023-39995 4.3 Cat August 11, 2023
WP Pipes <= 1.4.0 - Cross-Site Request Forgery to Settings Update CVE-2023-40009 4.3 Nguyen Xuan Chien August 11, 2023
Futurio Extra <= 1.9.0 - Cross-Site Request Forgery CVE-2023-40201 4.3 István Márton August 11, 2023
WooCommerce Product Attachment <= 2.1.8 - Cross-Site Request Forgery CVE-2023-40212 4.3 Mika August 11, 2023
Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference CVE-2023-49765 4.3 RE-ALTER August 11, 2023
WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save CVE-2023-3764 4.3 Marco Wotschka August 11, 2023
SB Child List <= 4.5 - Cross-Site Request Forgery via 'sb_cl_update_settings' CVE-2023-40210 4.3 Skalucy August 11, 2023
Futurio Extra <= 1.8.2 - Cross-Site Request Forgery via 'futurio_extra_reset_mod' CVE-2023-40201 4.3 István Márton August 11, 2023
WP HTML Mail <= 3.4.0 - Cross-Site Request Forgery via 'send_test' CVE-2023-40202 4.3 István Márton August 11, 2023
Printful Integration for WooCommerce <= 2.2.2 - Cross-Site Request Forgery CVE-2022-47168 4.3 István Márton August 11, 2023
Avada <= 7.11.1 - Missing Authorization CVE-2023-39922 4.3 Rafie Muhammad August 10, 2023
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Aug 21, 2024
Vulns
1 stealthcopter 24
2 Francesco Carlucci 20
3 wesley (wcraft) 19
4 Lucio Sá 19
5 Daniel Ruf 16
6 vgo0 15
7 Rafie Muhammad 12
8 Dave Jong 11
9 Ananda Dhakal 9
10 Marco Wotschka 8
11 Muhammad Daffa 6
12 Krzysztof Zając 6
13 João Pedro Soares de Alcântara 5
14 Fariq Fadillah Gusti Insani (fariqfgi) 5
15 Webbernaut 5
16 Le Ngoc Anh 5
17 Bob Matyas 5
18 Peter Thaleikis 4
19 LVT-tholv2k 4
20 rezaduty 4

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation