WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
Justified Gallery <= 1.7.3 - Missing Authorization via 'dismiss_how_to_use_notice' and 'dismiss_notice'
4.3
CVE-2023-40213
Aug 10, 2023
Researcher: Abdi Pranata
Fusion Builder <= 3.11.1 - Missing Authorization
4.3
CVE-2023-39310
Aug 10, 2023
Researcher: Rafie Muhammad
YITH WooCommerce Waiting List <= 2.6.0 - Cross-Site Request forgery via 'save_mail_status'
4.3
CVE-2023-36506
Aug 10, 2023
Researcher: thiennv
Paid Memberships Pro - Courses for Membership Add On <= 1.2.3 - Cross-Site Request Forgery to Course Modifications
4.3
CVE ID Unknown
Aug 8, 2023
Researchers:
Paid Memberships Pro - Courses for Membership Add On <= 1.2.3 - Missing Authorization to Authenticated (Subscriber+) Course Modifications
4.3
CVE-2023-39990
Aug 8, 2023
Researcher: Rafie Muhammad
FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check
4.3
CVE-2023-4242
Aug 8, 2023
Researcher: Ram
JCH Optimize <= 4.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification
4.3
CVE ID Unknown
Aug 8, 2023
Researchers:
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.6.8 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Aug 8, 2023
Researchers:
The Post Grid <= 7.2.7 - Cross-Site Request Forgery
4.3
CVE-2023-39923
Aug 7, 2023
Researcher: István Márton
GDPR Cookie Compliance <= 4.12.4 - Cross-Site Request Forgery to License Modification
4.3
CVE-2023-4013
Aug 7, 2023
Researcher: Erwan LR
POEditor <= 0.9.7 - Cross-Site Request Forgery
4.3
CVE-2023-4209
Aug 7, 2023
Researcher: Dmitrii Ignatyev
User Activity Tracking and Log <= 4.0.8 - Cross-Site Request Forgery
4.3
CVE-2023-4150
Aug 7, 2023
Researcher: Erwan LR
Photo Gallery by Ays <= 5.2.6 - Cross-Site Request Forgery
4.3
CVE-2023-39917
Aug 7, 2023
Researcher: Skalucy
Sign-up Sheets <= 2.2.8 - Cross-Site Request Forgery
4.3
CVE-2023-39165
Aug 7, 2023
Researcher: Nguyen Xuan Chien
Simple Blog Card <= 1.31 - Sensitive Information Exposure
4.3
CVE-2023-4036
Aug 3, 2023
Researcher: Erwan LR
MultiParcels Shipping For WooCommerce <= 1.15.1 - Cross-Site Request Forgery
4.3
CVE-2023-3366
Jul 31, 2023
Researcher: Erwan LR
Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function
4.3
CVE-2023-3977
Jul 27, 2023
Researcher: Chloe Chamberland
CartFlows Pro <= 1.11.12 - Cross-Site Request Forgery
4.3
CVE-2023-36685
Jul 27, 2023
Researcher: Rafie Muhammad
Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function
4.3
CVE-2023-0958
Jul 27, 2023
Researcher: Chloe Chamberland
Update Theme and Plugins from Zip File <= 2.0.0 - Cross-Site Request Forgery
4.3
CVE-2023-25489
Jul 26, 2023
Researcher: Mika
Title CVE ID CVSS Researchers Date
Justified Gallery <= 1.7.3 - Missing Authorization via 'dismiss_how_to_use_notice' and 'dismiss_notice' CVE-2023-40213 4.3 Abdi Pranata August 10, 2023
Fusion Builder <= 3.11.1 - Missing Authorization CVE-2023-39310 4.3 Rafie Muhammad August 10, 2023
YITH WooCommerce Waiting List <= 2.6.0 - Cross-Site Request forgery via 'save_mail_status' CVE-2023-36506 4.3 thiennv August 10, 2023
Paid Memberships Pro - Courses for Membership Add On <= 1.2.3 - Cross-Site Request Forgery to Course Modifications 4.3 August 8, 2023
Paid Memberships Pro - Courses for Membership Add On <= 1.2.3 - Missing Authorization to Authenticated (Subscriber+) Course Modifications CVE-2023-39990 4.3 Rafie Muhammad August 8, 2023
FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check CVE-2023-4242 4.3 Ram August 8, 2023
JCH Optimize <= 4.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification 4.3 August 8, 2023
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.6.8 - Cross-Site Request Forgery 4.3 August 8, 2023
The Post Grid <= 7.2.7 - Cross-Site Request Forgery CVE-2023-39923 4.3 István Márton August 7, 2023
GDPR Cookie Compliance <= 4.12.4 - Cross-Site Request Forgery to License Modification CVE-2023-4013 4.3 Erwan LR August 7, 2023
POEditor <= 0.9.7 - Cross-Site Request Forgery CVE-2023-4209 4.3 Dmitrii Ignatyev August 7, 2023
User Activity Tracking and Log <= 4.0.8 - Cross-Site Request Forgery CVE-2023-4150 4.3 Erwan LR August 7, 2023
Photo Gallery by Ays <= 5.2.6 - Cross-Site Request Forgery CVE-2023-39917 4.3 Skalucy August 7, 2023
Sign-up Sheets <= 2.2.8 - Cross-Site Request Forgery CVE-2023-39165 4.3 Nguyen Xuan Chien August 7, 2023
Simple Blog Card <= 1.31 - Sensitive Information Exposure CVE-2023-4036 4.3 Erwan LR August 3, 2023
MultiParcels Shipping For WooCommerce <= 1.15.1 - Cross-Site Request Forgery CVE-2023-3366 4.3 Erwan LR July 31, 2023
Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function CVE-2023-3977 4.3 Chloe Chamberland July 27, 2023
CartFlows Pro <= 1.11.12 - Cross-Site Request Forgery CVE-2023-36685 4.3 Rafie Muhammad July 27, 2023
Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function CVE-2023-0958 4.3 Chloe Chamberland July 27, 2023
Update Theme and Plugins from Zip File <= 2.0.0 - Cross-Site Request Forgery CVE-2023-25489 4.3 Mika July 26, 2023
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Aug 21, 2024
Vulns
1 stealthcopter 24
2 Francesco Carlucci 20
3 wesley (wcraft) 19
4 Lucio Sá 19
5 Daniel Ruf 16
6 vgo0 15
7 Rafie Muhammad 12
8 Dave Jong 11
9 Ananda Dhakal 9
10 Marco Wotschka 8
11 Muhammad Daffa 6
12 Krzysztof Zając 6
13 João Pedro Soares de Alcântara 5
14 Fariq Fadillah Gusti Insani (fariqfgi) 5
15 Webbernaut 5
16 Le Ngoc Anh 5
17 Bob Matyas 5
18 Peter Thaleikis 4
19 LVT-tholv2k 4
20 rezaduty 4

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation