WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via run_sync
4.3
CVE-2023-33333
May 12, 2023
Researcher: Rafie Muhammad
Booking Ultra Pro <= 1.1.6 - Missing Authorization via save_fields_settings
4.3
CVE-2023-32601
May 12, 2023
Researcher: Badromance 1337
Sunny Search <= 1.0.2 - Cross-Site Request Forgery to Settings Update
4.3
CVE-2023-32592
May 12, 2023
Researcher: Lokesh Dachepalli
WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion
4.3
CVE-2023-2556
May 12, 2023
Researcher: Alex Thomas
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_delete_cookiebanner
4.3
CVE ID Unknown
May 12, 2023
Researchers:
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_duplicate_cookiebanner
4.3
CVE ID Unknown
May 12, 2023
Researchers:
Community by PeepSo <= 6.0.9.0 - Cross-Site Request Forgery to Field Duplication
4.3
CVE-2023-32092
May 12, 2023
Researcher: Skalucy
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_edit_item
4.3
CVE-2023-33333
May 12, 2023
Researchers:
AccessPress Anonymous Post <= 2.8.4 - Authenticated (Contributor+) Arbitrary Redirect
4.3
CVE-2022-4946
May 11, 2023
Researcher: WPScanTeam
WoodMart <= 7.2.1 - Missing Authorization
4.3
CVE-2023-32240
May 11, 2023
Researcher: Dave Jong
Soundcloud Is Gold <= 2.5.1 - Missing Authorization to Soundcloud User Add
4.3
CVE-2023-32586
May 11, 2023
Researcher: István Márton
Injection Guard <= 1.2.1 - Missing Authorization via ig_update
4.3
CVE-2023-32574
May 11, 2023
Researcher: Abdi Pranata
Dyslexiefont Free <= 1.0.0 - Cross-Site Request Forgery
4.3
CVE-2023-32589
May 11, 2023
Researcher: Yash Kanchhal
Injection Guard <= 1.2.1 - Cross-Site Request Forgery via ig_update
4.3
CVE ID Unknown
May 11, 2023
Researchers:
Simple Calendar <= 3.1.42 - Cross-Site Request Forgery to Transient Cache Clearing
4.3
CVE ID Unknown
May 11, 2023
Researchers:
Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons
4.3
CVE-2023-32579
May 11, 2023
Researcher: István Márton
Injection Guard <= 1.2.1 - Cross-Site Request Forgery to Whitelist Update
4.3
CVE ID Unknown
May 10, 2023
Researcher: Darius Sveikauskas
Whydonate – FREE Donate button <= 3.12.14 - Cross-Site Request Forgery
4.3
CVE-2023-29238
May 10, 2023
Researcher: easyBug
Google Site Verification plugin using Meta Tag <= 1.2 - Cross-Site Request Forgery
4.3
CVE-2023-32514
May 10, 2023
Researcher: Mika
CM On Demand Search And Replace <= 1.3.0 - Cross-Site Request Forgery
4.3
CVE-2023-28749
May 9, 2023
Researcher: Abdi Pranata
Title CVE ID CVSS Researchers Date
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via run_sync CVE-2023-33333 4.3 Rafie Muhammad May 12, 2023
Booking Ultra Pro <= 1.1.6 - Missing Authorization via save_fields_settings CVE-2023-32601 4.3 Badromance 1337 May 12, 2023
Sunny Search <= 1.0.2 - Cross-Site Request Forgery to Settings Update CVE-2023-32592 4.3 Lokesh Dachepalli May 12, 2023
WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion CVE-2023-2556 4.3 Alex Thomas May 12, 2023
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_delete_cookiebanner 4.3 May 12, 2023
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_duplicate_cookiebanner 4.3 May 12, 2023
Community by PeepSo <= 6.0.9.0 - Cross-Site Request Forgery to Field Duplication CVE-2023-32092 4.3 Skalucy May 12, 2023
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_edit_item CVE-2023-33333 4.3 May 12, 2023
AccessPress Anonymous Post <= 2.8.4 - Authenticated (Contributor+) Arbitrary Redirect CVE-2022-4946 4.3 WPScanTeam May 11, 2023
WoodMart <= 7.2.1 - Missing Authorization CVE-2023-32240 4.3 Dave Jong May 11, 2023
Soundcloud Is Gold <= 2.5.1 - Missing Authorization to Soundcloud User Add CVE-2023-32586 4.3 István Márton May 11, 2023
Injection Guard <= 1.2.1 - Missing Authorization via ig_update CVE-2023-32574 4.3 Abdi Pranata May 11, 2023
Dyslexiefont Free <= 1.0.0 - Cross-Site Request Forgery CVE-2023-32589 4.3 Yash Kanchhal May 11, 2023
Injection Guard <= 1.2.1 - Cross-Site Request Forgery via ig_update 4.3 May 11, 2023
Simple Calendar <= 3.1.42 - Cross-Site Request Forgery to Transient Cache Clearing 4.3 May 11, 2023
Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons CVE-2023-32579 4.3 István Márton May 11, 2023
Injection Guard <= 1.2.1 - Cross-Site Request Forgery to Whitelist Update 4.3 Darius Sveikauskas May 10, 2023
Whydonate – FREE Donate button <= 3.12.14 - Cross-Site Request Forgery CVE-2023-29238 4.3 easyBug May 10, 2023
Google Site Verification plugin using Meta Tag <= 1.2 - Cross-Site Request Forgery CVE-2023-32514 4.3 Mika May 10, 2023
CM On Demand Search And Replace <= 1.3.0 - Cross-Site Request Forgery CVE-2023-28749 4.3 Abdi Pranata May 9, 2023
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Aug 17, 2024
Vulns
1 stealthcopter 27
2 Lucio Sá 23
3 wesley (wcraft) 22
4 Francesco Carlucci 21
5 vgo0 17
6 Daniel Ruf 16
7 Dave Jong 11
8 Rafie Muhammad 11
9 Bob Matyas 10
10 Ananda Dhakal 9
11 TANG Cheuk Hei (siunam) 8
12 Marco Wotschka 8
13 Peter Thaleikis 7
14 João Pedro Soares de Alcântara 6
15 Webbernaut 6
16 Muhammad Daffa 6
17 Trương Hữu Phúc (truonghuuphuc) 5
18 Fariq Fadillah Gusti Insani (fariqfgi) 5
19 Krzysztof Zając 4
20 Ngô Thiên An (ancorn_) 4

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation