WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
HT Builder <= 1.2.9 - Cross-Site Request Forgery via plugin_activation
4.3
CVE ID Unknown
Apr 3, 2023
Researchers:
Advanced Local Pickup for WooCommerce <= 1.5.2 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Mar 31, 2023
Researchers:
Welcome Bar <= 2.0.3 - Missing Authorization
4.3
CVE ID Unknown
Mar 31, 2023
Researchers:
Welcome Bar <= 2.0.3 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Mar 31, 2023
Researchers:
Really Simple Google Tag Manager <= 1.0.6 - Cross-Site Request Forgery via plugin_activation
4.3
CVE-2023-23801
Mar 31, 2023
Researcher: István Márton
Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page()
4.3
CVE-2023-28995
Mar 30, 2023
Researcher: Abdi Pranata
WishSuite <= 1.3.3 - Cross-Site Request Forgery via plugin_activation()
4.3
CVE-2023-23731
Mar 30, 2023
Researcher: István Márton
HT Menu <= 1.2.1 - Cross-Site Request Forgery via plugin_activation
4.3
CVE-2023-23791
Mar 30, 2023
Researcher: István Márton
Viral Mag <= 1.0.9 - Missing Authorization to Arbitrary Plugin Activation
4.3
CVE-2023-28990
Mar 30, 2023
Researcher: Dave Jong
Trending/Popular Post Slider and Widget <= 1.5.7 - Cross-Site Request Forgery via wtpsw_post_view_count
4.3
CVE-2022-46846
Mar 30, 2023
Researcher: Cat
Zippy <= 1.6.1 - Authenticated (Contributor+) Sensitive Information Disclosure
4.3
CVE-2023-26533
Mar 30, 2023
Researcher: Junsu Yeo
Premmerce Redirect Manager <= 1.0.10 - Cross-Site Request Forgery via deleteRedirect()
4.3
CVE-2023-23787
Mar 30, 2023
Researcher: Rio Darmawan
Swatchly – WooCommerce Variation Swatches for Products <= 1.2.0 - Cross-Site Request Forgery via plugin_activation
4.3
CVE-2023-23792
Mar 30, 2023
Researcher: István Márton
Mobile Banner <= 1.5 - Cross-Site Request Forgery leading to Plugin Settings Changes
4.3
CVE-2023-28930
Mar 29, 2023
Researcher: Yuki Haruma
Affiliates Manager <= 2.9.20 - Cross-Site Request Forgery via process_bulk_action()
4.3
CVE-2023-28986
Mar 29, 2023
Researcher: minhtuanact
Happy Addons for Elementor <= 3.8.2 - Cross-Site Request Forgery via handle_optin_optout()
4.3
CVE-2023-28989
Mar 29, 2023
Researcher: Muhammad Daffa
WP VR <= 8.2.9 - Missing Authorization
4.3
CVE-2023-1414
Mar 29, 2023
Researcher: Erwan LR
Feed Them Social <= 4.0.7 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Mar 29, 2023
Researchers:
Wp Ultimate Review <= 2.0.3 - Cross-Site Request Forgery
4.3
CVE-2023-28987
Mar 29, 2023
Researcher: Mika
Advanced Shipment Tracking for WooCommerce <= 3.5.2 - Cross-Site Request Forgery via paginate_shipping_provider_list and filter_shipping_provider_list
4.3
CVE-2022-41635
Mar 28, 2023
Researcher: István Márton
Title CVE ID CVSS Researchers Date
HT Builder <= 1.2.9 - Cross-Site Request Forgery via plugin_activation 4.3 April 3, 2023
Advanced Local Pickup for WooCommerce <= 1.5.2 - Cross-Site Request Forgery 4.3 March 31, 2023
Welcome Bar <= 2.0.3 - Missing Authorization 4.3 March 31, 2023
Welcome Bar <= 2.0.3 - Cross-Site Request Forgery 4.3 March 31, 2023
Really Simple Google Tag Manager <= 1.0.6 - Cross-Site Request Forgery via plugin_activation CVE-2023-23801 4.3 István Márton March 31, 2023
Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page() CVE-2023-28995 4.3 Abdi Pranata March 30, 2023
WishSuite <= 1.3.3 - Cross-Site Request Forgery via plugin_activation() CVE-2023-23731 4.3 István Márton March 30, 2023
HT Menu <= 1.2.1 - Cross-Site Request Forgery via plugin_activation CVE-2023-23791 4.3 István Márton March 30, 2023
Viral Mag <= 1.0.9 - Missing Authorization to Arbitrary Plugin Activation CVE-2023-28990 4.3 Dave Jong March 30, 2023
Trending/Popular Post Slider and Widget <= 1.5.7 - Cross-Site Request Forgery via wtpsw_post_view_count CVE-2022-46846 4.3 Cat March 30, 2023
Zippy <= 1.6.1 - Authenticated (Contributor+) Sensitive Information Disclosure CVE-2023-26533 4.3 Junsu Yeo March 30, 2023
Premmerce Redirect Manager <= 1.0.10 - Cross-Site Request Forgery via deleteRedirect() CVE-2023-23787 4.3 Rio Darmawan March 30, 2023
Swatchly – WooCommerce Variation Swatches for Products <= 1.2.0 - Cross-Site Request Forgery via plugin_activation CVE-2023-23792 4.3 István Márton March 30, 2023
Mobile Banner <= 1.5 - Cross-Site Request Forgery leading to Plugin Settings Changes CVE-2023-28930 4.3 Yuki Haruma March 29, 2023
Affiliates Manager <= 2.9.20 - Cross-Site Request Forgery via process_bulk_action() CVE-2023-28986 4.3 minhtuanact March 29, 2023
Happy Addons for Elementor <= 3.8.2 - Cross-Site Request Forgery via handle_optin_optout() CVE-2023-28989 4.3 Muhammad Daffa March 29, 2023
WP VR <= 8.2.9 - Missing Authorization CVE-2023-1414 4.3 Erwan LR March 29, 2023
Feed Them Social <= 4.0.7 - Cross-Site Request Forgery 4.3 March 29, 2023
Wp Ultimate Review <= 2.0.3 - Cross-Site Request Forgery CVE-2023-28987 4.3 Mika March 29, 2023
Advanced Shipment Tracking for WooCommerce <= 3.5.2 - Cross-Site Request Forgery via paginate_shipping_provider_list and filter_shipping_provider_list CVE-2022-41635 4.3 István Márton March 28, 2023
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Aug 21, 2024
Vulns
1 stealthcopter 24
2 Francesco Carlucci 20
3 wesley (wcraft) 19
4 Lucio Sá 19
5 Daniel Ruf 16
6 vgo0 15
7 Rafie Muhammad 12
8 Dave Jong 11
9 Ananda Dhakal 9
10 Marco Wotschka 8
11 Muhammad Daffa 6
12 Krzysztof Zając 6
13 João Pedro Soares de Alcântara 5
14 Fariq Fadillah Gusti Insani (fariqfgi) 5
15 Webbernaut 5
16 Le Ngoc Anh 5
17 Bob Matyas 5
18 Peter Thaleikis 4
19 LVT-tholv2k 4
20 rezaduty 4

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation