WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
WooCommerce < 6.3.1 - Unauthorized Order Status Change
4.3
CVE ID Unknown
Mar 10, 2022
Researchers:
Church Admin <= 3.4.134 - Cross-Site Request Forgery leading to Plugin Backup Disclosure
4.3
CVE-2022-0833
Mar 7, 2022
Researcher: cydave
Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
4.3
CVE-2022-4932
Feb 24, 2022
Researcher: Chloe Chamberland
BackupWordPress <= 3.12 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
4.3
CVE-2022-4931
Feb 23, 2022
Researcher: Ram
Amelia <= 1.0.46 - Cross-Site Request Forgery
4.3
CVE-2022-0616
Feb 23, 2022
Researcher: Muhamad Hidayat
Hide Admin Bar Based On User Roles < 3.1.0 - Cross-Site Request Forgery
4.3
CVE ID Unknown
Feb 21, 2022
Researcher: Jan w Oleju
WP Content Copy Protection <= 3.4.4 - Cross-Site Request Forgery to Setting Update
4.3
CVE-2022-23983
Feb 16, 2022
Researcher: Muhammad Daffa
UsersWP <= 1.2.3 - Subscriber+ User Avatar Override
4.3
CVE-2022-0442
Feb 14, 2022
Researcher: Felipe de Avila
Video Conferencing with Zoom <= 3.8.16 - E-mail Address Disclosure
4.3
CVE-2022-0384
Feb 14, 2022
Researcher: Krzysztof Zając
Custom Content Shortcode <= 4.0.1 - Authenticated Arbitrary File Access / Local File Inclusion
4.3
CVE-2021-24825
Feb 2, 2022
Researcher: Francesco Carlucci
Custom Content Shortcode <= 3.8.8 - Unauthorised Arbitrary Post Metadata Access
4.3
CVE-2021-24824
Feb 2, 2022
Researcher: Francesco Carlucci
Logo Showcase with Slick Slider <= 2.0 - Cross-Site Request Forgery
4.3
CVE-2021-24913
Jan 31, 2022
Researcher: apple502j
Better Notifications for WP <= 1.8.6 - Email Address Disclosure
4.3
CVE-2022-0345
Jan 31, 2022
Researcher: Krzysztof Zając
Perfect Brands for WooCommerce <= 2.0.4 - Server Information Disclosure
4.3
CVE-2022-23982
Jan 28, 2022
Researcher: Dave Jong
Perfect Brands for WooCommerce <= 2.0.4 - Unauthorized Brand Creation
4.3
CVE-2022-23981
Jan 28, 2022
Researcher: Dave Jong
LearnPress <= 4.1.4.1 - Arbitrary Image Renaming
4.3
CVE-2022-0377
Jan 26, 2022
Researcher: Ceylan Bozogullarindan
Coming soon and Maintenance mode <= 3.6.6 - Missing Authorization to Arbitrary Email Send
4.3
CVE-2022-0164
Jan 24, 2022
Researcher: Krzysztof Zając
Float Menu <= 4.3 - Arbitrary Menu Deletion via Cross-Site Request Forgery
4.3
CVE-2022-0313
Jan 24, 2022
Researcher: Krzysztof Zając
Futurio Extra <= 1.6.2 - Sensitive Information Disclosure
4.3
CVE-2021-25110
Jan 14, 2022
Researcher: Krzysztof Zając
Advanced Cron Manager <= 2.4.1 - Subscriber+ Arbitrary Events/Schedules Creation/Deletion
4.3
CVE-2021-25084
Jan 4, 2022
Researcher: Krzysztof Zając
Title CVE ID CVSS Researchers Date
WooCommerce < 6.3.1 - Unauthorized Order Status Change 4.3 March 10, 2022
Church Admin <= 3.4.134 - Cross-Site Request Forgery leading to Plugin Backup Disclosure CVE-2022-0833 4.3 cydave March 7, 2022
Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure CVE-2022-4932 4.3 Chloe Chamberland February 24, 2022
BackupWordPress <= 3.12 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure CVE-2022-4931 4.3 Ram February 23, 2022
Amelia <= 1.0.46 - Cross-Site Request Forgery CVE-2022-0616 4.3 Muhamad Hidayat February 23, 2022
Hide Admin Bar Based On User Roles < 3.1.0 - Cross-Site Request Forgery 4.3 Jan w Oleju February 21, 2022
WP Content Copy Protection <= 3.4.4 - Cross-Site Request Forgery to Setting Update CVE-2022-23983 4.3 Muhammad Daffa February 16, 2022
UsersWP <= 1.2.3 - Subscriber+ User Avatar Override CVE-2022-0442 4.3 Felipe de Avila February 14, 2022
Video Conferencing with Zoom <= 3.8.16 - E-mail Address Disclosure CVE-2022-0384 4.3 Krzysztof Zając February 14, 2022
Custom Content Shortcode <= 4.0.1 - Authenticated Arbitrary File Access / Local File Inclusion CVE-2021-24825 4.3 Francesco Carlucci February 2, 2022
Custom Content Shortcode <= 3.8.8 - Unauthorised Arbitrary Post Metadata Access CVE-2021-24824 4.3 Francesco Carlucci February 2, 2022
Logo Showcase with Slick Slider <= 2.0 - Cross-Site Request Forgery CVE-2021-24913 4.3 apple502j January 31, 2022
Better Notifications for WP <= 1.8.6 - Email Address Disclosure CVE-2022-0345 4.3 Krzysztof Zając January 31, 2022
Perfect Brands for WooCommerce <= 2.0.4 - Server Information Disclosure CVE-2022-23982 4.3 Dave Jong January 28, 2022
Perfect Brands for WooCommerce <= 2.0.4 - Unauthorized Brand Creation CVE-2022-23981 4.3 Dave Jong January 28, 2022
LearnPress <= 4.1.4.1 - Arbitrary Image Renaming CVE-2022-0377 4.3 Ceylan Bozogullarindan January 26, 2022
Coming soon and Maintenance mode <= 3.6.6 - Missing Authorization to Arbitrary Email Send CVE-2022-0164 4.3 Krzysztof Zając January 24, 2022
Float Menu <= 4.3 - Arbitrary Menu Deletion via Cross-Site Request Forgery CVE-2022-0313 4.3 Krzysztof Zając January 24, 2022
Futurio Extra <= 1.6.2 - Sensitive Information Disclosure CVE-2021-25110 4.3 Krzysztof Zając January 14, 2022
Advanced Cron Manager <= 2.4.1 - Subscriber+ Arbitrary Events/Schedules Creation/Deletion CVE-2021-25084 4.3 Krzysztof Zając January 4, 2022
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Aug 21, 2024
Vulns
1 stealthcopter 24
2 Francesco Carlucci 20
3 wesley (wcraft) 19
4 Lucio Sá 19
5 Daniel Ruf 16
6 vgo0 15
7 Rafie Muhammad 12
8 Dave Jong 11
9 Ananda Dhakal 9
10 Marco Wotschka 8
11 Muhammad Daffa 6
12 Krzysztof Zając 6
13 João Pedro Soares de Alcântara 5
14 Fariq Fadillah Gusti Insani (fariqfgi) 5
15 Webbernaut 5
16 Le Ngoc Anh 5
17 Bob Matyas 5
18 Peter Thaleikis 4
19 LVT-tholv2k 4
20 rezaduty 4

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation