WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure
4.3
CVE-2024-35691
Jun 6, 2024
Researcher: Dave Jong
Tickera <= 3.5.2.6 - Missing Authorization
4.3
CVE-2024-35729
Jun 6, 2024
Researcher: Manab Jyoti Dowarah
Album Gallery – WordPress Gallery <= 1.5.7 - Missing Authorization
4.3
CVE-2024-35720
Jun 6, 2024
Researcher: Steven Julian
Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Exposure
4.3
CVE-2024-5665
Jun 5, 2024
Researcher: 1337_Wannabe
WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization
4.3
CVE-2024-5449
Jun 5, 2024
Researcher: Peter Thaleikis
Boostify Header Footer Builder for Elementor <= 1.3.5 - Missing Authorization to Page/Post Creation
4.3
CVE-2024-4788
Jun 5, 2024
Researcher: Lucio Sá
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Information Exposure
4.3
CVE-2024-35674
Jun 5, 2024
Researcher: Khalid
Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion
4.3
CVE-2024-5489
Jun 5, 2024
Researcher: Lucio Sá
Muslim Prayer Time BD <= 2.4 - Cross-Site Request Forgery to Settings Reset
4.3
CVE-2024-4758
Jun 5, 2024
Researcher: Bob Matyas
ProfileGrid <= 5.8.6 - Missing Authorization
4.3
CVE-2024-5453
Jun 4, 2024
Researcher: Lucio Sá
Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization
4.3
CVE-2024-4088
Jun 4, 2024
Researcher: Benedictus Jovan (aillesiM)
Restaurant Menu and Food Ordering <= 2.4.16 - Missing Authorization to Menu Creation
4.3
CVE-2024-5459
Jun 4, 2024
Researcher: Lucio Sá
Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication
4.3
CVE-2024-2368
Jun 4, 2024
Researcher: Lucio Sá
Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval
4.3
CVE-2024-1717
Jun 3, 2024
Researcher: Lucio Sá
Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion
4.3
CVE-2024-4274
Jun 3, 2024
Researcher: Lucio Sá
WP-Recall <= 16.26.6 - Cross-Site Request Forgery
4.3
CVE-2024-35657
Jun 3, 2024
Researcher: Steven Julian
Simple COD Fees for WooCommerce <= 2.0.2 - Missing Authorization
4.3
CVE-2024-35662
Jun 3, 2024
Researcher: LVT-tholv2k
Emergency Password Reset <= 8.0 - Cross-Site Request Forgery
4.3
CVE-2024-35648
Jun 3, 2024
Researcher: Pedro José Navas Pérez
KiviCare <= 3.6.6 - Authenticated (Patient+) Insecure Direct Object Reference
4.3
CVE-2024-35659
Jun 3, 2024
Researcher: Van Lyubov
MJ Update History <= 1.0.4 - Missing Authorization
4.3
CVE-2024-35671
Jun 3, 2024
Researcher: thiennv
Title CVE ID CVSS Researchers Date
Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure CVE-2024-35691 4.3 Dave Jong June 6, 2024
Tickera <= 3.5.2.6 - Missing Authorization CVE-2024-35729 4.3 Manab Jyoti Dowarah June 6, 2024
Album Gallery – WordPress Gallery <= 1.5.7 - Missing Authorization CVE-2024-35720 4.3 Steven Julian June 6, 2024
Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Exposure CVE-2024-5665 4.3 1337_Wannabe June 5, 2024
WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization CVE-2024-5449 4.3 Peter Thaleikis June 5, 2024
Boostify Header Footer Builder for Elementor <= 1.3.5 - Missing Authorization to Page/Post Creation CVE-2024-4788 4.3 Lucio Sá June 5, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Information Exposure CVE-2024-35674 4.3 Khalid June 5, 2024
Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion CVE-2024-5489 4.3 Lucio Sá June 5, 2024
Muslim Prayer Time BD <= 2.4 - Cross-Site Request Forgery to Settings Reset CVE-2024-4758 4.3 Bob Matyas June 5, 2024
ProfileGrid <= 5.8.6 - Missing Authorization CVE-2024-5453 4.3 Lucio Sá June 4, 2024
Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization CVE-2024-4088 4.3 Benedictus Jovan (aillesiM) June 4, 2024
Restaurant Menu and Food Ordering <= 2.4.16 - Missing Authorization to Menu Creation CVE-2024-5459 4.3 Lucio Sá June 4, 2024
Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication CVE-2024-2368 4.3 Lucio Sá June 4, 2024
Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval CVE-2024-1717 4.3 Lucio Sá June 3, 2024
Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion CVE-2024-4274 4.3 Lucio Sá June 3, 2024
WP-Recall <= 16.26.6 - Cross-Site Request Forgery CVE-2024-35657 4.3 Steven Julian June 3, 2024
Simple COD Fees for WooCommerce <= 2.0.2 - Missing Authorization CVE-2024-35662 4.3 LVT-tholv2k June 3, 2024
Emergency Password Reset <= 8.0 - Cross-Site Request Forgery CVE-2024-35648 4.3 Pedro José Navas Pérez June 3, 2024
KiviCare <= 3.6.6 - Authenticated (Patient+) Insecure Direct Object Reference CVE-2024-35659 4.3 Van Lyubov June 3, 2024
MJ Update History <= 1.0.4 - Missing Authorization CVE-2024-35671 4.3 thiennv June 3, 2024
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Nov 21, 2024
Vulns
1 SOPROBRO 139
2 vgo0 68
3 Peter Thaleikis 66
4 Francesco Carlucci 39
5 Mika 37
6 João Pedro Soares de Alcântara 37
7 stealthcopter 23
8 theviper17y 19
9 zaim 19
10 Gab 16
11 thiennv 16
12 zakaria 15
13 ardias 15
14 Arkadiusz Hydzik 15
15 Colin Xu 13
16 mikemyers 12
17 Tieu Pham Trong Nhan 12
18 zer0gh0st 11
19 LVT-tholv2k 11
20 yudha 11

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation