WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
WP Inventory Manager <= 2.1.0.13 - Cross-Site Request Forgery via delete_item
4.3
CVE-2023-2842
Jun 5, 2023
Researcher: NGO VAN TU
Kebo Twitter Feed <= 1.5.12 - Cross-Site Request Forgery via kebo_twitter_menu_render
4.3
CVE-2023-34384
Jun 3, 2023
Researcher: István Márton
B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Information Disclosure
4.3
CVE-2023-3126
Jun 3, 2023
Researcher: Jerome Bruandet
WPC Smart Wishlist for WooCommerce <= 4.7.1 - Cross-Site Request Forgery via wishlist_add and wishlist_remove
4.3
CVE-2023-34386
Jun 3, 2023
Researcher: István Márton
Constant Contact Forms <= 1.14.0 - Missing Authorization via constant_contact_optin_ajax_handler
4.3
CVE-2023-34387
Jun 3, 2023
Researcher: István Márton
WP Hide Post <= 2.0.10 - Cross-Site Request Forgery via save_bulk_edit_data
4.3
CVE-2023-34378
Jun 3, 2023
Researcher: István Márton
VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update
4.3
CVE-2023-0583
Jun 2, 2023
Researcher: Ram
Photo Gallery <= 1.8.15 - Missing Authorization
4.3
CVE-2023-33995
Jun 2, 2023
Researcher: Rafshanzani Suhada
Advanced Flat rate shipping Woocommerce <= 1.6.4.4 - Cross-Site Request Forgery via enableDisable and deletePost
4.3
CVE-2023-34015
Jun 2, 2023
Researcher: Skalucy
Social Media & Share Icons <= 2.8.1 - Missing Authorization via handle_installation
4.3
CVE-2023-34009
Jun 2, 2023
Researcher: István Márton
SpamReferrerBlock <= 2.22 - Cross-Site Request Forgery
4.3
CVE-2023-34371
Jun 2, 2023
Researcher: LEE SE HYOUNG
WP Inventory Manager <= 2.1.0.13 - Cross-Site Request Forgery via delete_item
4.3
CVE-2023-34002
Jun 2, 2023
Researcher: Mika
VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update
4.3
CVE-2023-0584
Jun 2, 2023
Researcher: Ram
Uncanny Toolkit for LearnDash <= 3.6.4.3 - Open Redirect
4.3
CVE-2023-34020
Jun 1, 2023
Researcher: Mika
LWS Hide Login <= 2.1.6 - Cross-Site Request Forgery
4.3
CVE-2023-34025
May 31, 2023
Researcher: konagash
Donation Platform for WooCommerce: Fundraising & Donation Management <= 1.2.9 - Cross-Site Request Forgery to Survey Submission
4.3
CVE ID Unknown
May 31, 2023
Researchers:
WP Full Auto Tags Manager <= 2.2 - Cross-Site Request Forgery
4.3
CVE-2023-34024
May 31, 2023
Researcher: Elliot
Floating Action Button <= <=1.2.1 - Cross-Site Request Forgery to Settings Modification
4.3
CVE-2023-31088
May 31, 2023
Researcher: Yuki Haruma
WP Report Post <= 2.1.2 - Cross-Site Request Forgery
4.3
CVE-2023-34171
May 31, 2023
Researcher: Mika
TS Webfonts for さくらのレンタルサーバ <= 3.1.1 - Cross-Site Request Forgery
4.3
CVE-2023-34169
May 31, 2023
Researcher: yuyudhn
Title CVE ID CVSS Researchers Date
WP Inventory Manager <= 2.1.0.13 - Cross-Site Request Forgery via delete_item CVE-2023-2842 4.3 NGO VAN TU June 5, 2023
Kebo Twitter Feed <= 1.5.12 - Cross-Site Request Forgery via kebo_twitter_menu_render CVE-2023-34384 4.3 István Márton June 3, 2023
B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Information Disclosure CVE-2023-3126 4.3 Jerome Bruandet June 3, 2023
WPC Smart Wishlist for WooCommerce <= 4.7.1 - Cross-Site Request Forgery via wishlist_add and wishlist_remove CVE-2023-34386 4.3 István Márton June 3, 2023
Constant Contact Forms <= 1.14.0 - Missing Authorization via constant_contact_optin_ajax_handler CVE-2023-34387 4.3 István Márton June 3, 2023
WP Hide Post <= 2.0.10 - Cross-Site Request Forgery via save_bulk_edit_data CVE-2023-34378 4.3 István Márton June 3, 2023
VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update CVE-2023-0583 4.3 Ram June 2, 2023
Photo Gallery <= 1.8.15 - Missing Authorization CVE-2023-33995 4.3 Rafshanzani Suhada June 2, 2023
Advanced Flat rate shipping Woocommerce <= 1.6.4.4 - Cross-Site Request Forgery via enableDisable and deletePost CVE-2023-34015 4.3 Skalucy June 2, 2023
Social Media & Share Icons <= 2.8.1 - Missing Authorization via handle_installation CVE-2023-34009 4.3 István Márton June 2, 2023
SpamReferrerBlock <= 2.22 - Cross-Site Request Forgery CVE-2023-34371 4.3 LEE SE HYOUNG June 2, 2023
WP Inventory Manager <= 2.1.0.13 - Cross-Site Request Forgery via delete_item CVE-2023-34002 4.3 Mika June 2, 2023
VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update CVE-2023-0584 4.3 Ram June 2, 2023
Uncanny Toolkit for LearnDash <= 3.6.4.3 - Open Redirect CVE-2023-34020 4.3 Mika June 1, 2023
LWS Hide Login <= 2.1.6 - Cross-Site Request Forgery CVE-2023-34025 4.3 konagash May 31, 2023
Donation Platform for WooCommerce: Fundraising & Donation Management <= 1.2.9 - Cross-Site Request Forgery to Survey Submission 4.3 May 31, 2023
WP Full Auto Tags Manager <= 2.2 - Cross-Site Request Forgery CVE-2023-34024 4.3 Elliot May 31, 2023
Floating Action Button <= <=1.2.1 - Cross-Site Request Forgery to Settings Modification CVE-2023-31088 4.3 Yuki Haruma May 31, 2023
WP Report Post <= 2.1.2 - Cross-Site Request Forgery CVE-2023-34171 4.3 Mika May 31, 2023
TS Webfonts for さくらのレンタルサーバ <= 3.1.1 - Cross-Site Request Forgery CVE-2023-34169 4.3 yuyudhn May 31, 2023
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Aug 20, 2024
Vulns
1 stealthcopter 25
2 wesley (wcraft) 21
3 Francesco Carlucci 20
4 Lucio Sá 19
5 Daniel Ruf 16
6 vgo0 15
7 Rafie Muhammad 12
8 Dave Jong 11
9 Ananda Dhakal 9
10 Marco Wotschka 8
11 Peter Thaleikis 6
12 Muhammad Daffa 6
13 Krzysztof Zając 6
14 João Pedro Soares de Alcântara 5
15 Webbernaut 5
16 Bob Matyas 5
17 Le Ngoc Anh 5
18 Fariq Fadillah Gusti Insani (fariqfgi) 5
19 rezaduty 4
20 LVT-tholv2k 4

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation