WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
ProfileGrid <= 5.7.8 - Cross-Site Request Forgery
4.3
CVE-2024-31362
Apr 8, 2024
Researcher: thiennv
LifterLMS <= 7.5.0 - Cross-Site Request Forgery
4.3
CVE-2024-31363
Apr 8, 2024
Researcher: Dhabaleshwar Das
Slideshow Gallery <= 1.7.8 - Cross-Site Request Forgery
4.3
CVE-2024-31354
Apr 7, 2024
Researcher: Ananda Dhakal
Easy Digital Downloads <= 3.2.6 - Cross-Site Request Forgery
4.3
CVE-2024-31293
Apr 5, 2024
Researcher: Dhabaleshwar Das
ReDi Restaurant Reservation <= 24.0128 - Cross-Site Request Forgery via redi_restaurant_admin_options_page()
4.3
CVE-2024-31299
Apr 5, 2024
Researcher: Majed Refaea
WooCommerce Checkout Field Editor (Checkout Manager) <= 2.1.8 - Cross-Site Request Forgery
4.3
CVE-2024-31262
Apr 5, 2024
Researcher: Skalucy
Media Library Folders <= 8.1.8 - Authenticated (Author+) Directory Traversal
4.3
CVE-2024-31287
Apr 5, 2024
Researcher: Majed Refaea
Easy Social Share Buttons <= 9.4 - Missing Authorization
4.3
CVE-2024-31307
Apr 5, 2024
Researcher: Rafie Muhammad
ARForms Form Builder <= 1.6.1 - Cross-Site Request Forgery
4.3
CVE-2024-31272
Apr 5, 2024
Researcher: beluga
AppPresser <= 4.3.0 - Cross-Site Request Forgery via toggle_logging_callback()
4.3
CVE-2024-31268
Apr 5, 2024
Researcher: Dhabaleshwar Das
Smart Online Order for Clover <= 1.5.4 - Cross-Site Request Forgery
4.3
CVE-2024-31238
Apr 5, 2024
Researcher: thiennv
Loan Repayment Calculator and Application Form <= 2.9.4 - Cross-Site Request Forgery
4.3
CVE-2024-31263
Apr 5, 2024
Researcher: Skalucy
WordPress Tooltips <= 9.4.9 - Cross-Site Request Forgery
4.3
CVE-2024-31285
Apr 5, 2024
Researcher: Majed Refaea
Tracking Code Manager <= 2.1.0 - Missing Authorization via change_order()
4.3
CVE-2024-31347
Apr 5, 2024
Researcher: Abdi Pranata
WC Marketplace <= 4.1.3 - Missing Authorization
4.3
CVE-2024-31304
Apr 5, 2024
Researcher: LVT-tholv2k
ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery to Campaign Deletion
4.3
CVE-2024-3059
Apr 5, 2024
Researcher: Bob Matyas
Flexible Checkout Fields for WooCommerce <= 4.1.2 - Missing Authorization
4.3
CVE-2024-31267
Apr 5, 2024
Researcher: Dhabaleshwar Das
WordPress Comments Import & Export <= 2.3.5 - Cross-Site Request Forgery
4.3
CVE-2024-31235
Apr 5, 2024
Researcher: Dhabaleshwar Das
ARForms Form Builder <= 1.6.1 - Missing Authorization
4.3
CVE-2024-31270
Apr 5, 2024
Researcher: beluga
Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure
4.3
CVE-2024-31252
Apr 5, 2024
Researcher: emad
Title CVE ID CVSS Researchers Date
ProfileGrid <= 5.7.8 - Cross-Site Request Forgery CVE-2024-31362 4.3 thiennv April 8, 2024
LifterLMS <= 7.5.0 - Cross-Site Request Forgery CVE-2024-31363 4.3 Dhabaleshwar Das April 8, 2024
Slideshow Gallery <= 1.7.8 - Cross-Site Request Forgery CVE-2024-31354 4.3 Ananda Dhakal April 7, 2024
Easy Digital Downloads <= 3.2.6 - Cross-Site Request Forgery CVE-2024-31293 4.3 Dhabaleshwar Das April 5, 2024
ReDi Restaurant Reservation <= 24.0128 - Cross-Site Request Forgery via redi_restaurant_admin_options_page() CVE-2024-31299 4.3 Majed Refaea April 5, 2024
WooCommerce Checkout Field Editor (Checkout Manager) <= 2.1.8 - Cross-Site Request Forgery CVE-2024-31262 4.3 Skalucy April 5, 2024
Media Library Folders <= 8.1.8 - Authenticated (Author+) Directory Traversal CVE-2024-31287 4.3 Majed Refaea April 5, 2024
Easy Social Share Buttons <= 9.4 - Missing Authorization CVE-2024-31307 4.3 Rafie Muhammad April 5, 2024
ARForms Form Builder <= 1.6.1 - Cross-Site Request Forgery CVE-2024-31272 4.3 beluga April 5, 2024
AppPresser <= 4.3.0 - Cross-Site Request Forgery via toggle_logging_callback() CVE-2024-31268 4.3 Dhabaleshwar Das April 5, 2024
Smart Online Order for Clover <= 1.5.4 - Cross-Site Request Forgery CVE-2024-31238 4.3 thiennv April 5, 2024
Loan Repayment Calculator and Application Form <= 2.9.4 - Cross-Site Request Forgery CVE-2024-31263 4.3 Skalucy April 5, 2024
WordPress Tooltips <= 9.4.9 - Cross-Site Request Forgery CVE-2024-31285 4.3 Majed Refaea April 5, 2024
Tracking Code Manager <= 2.1.0 - Missing Authorization via change_order() CVE-2024-31347 4.3 Abdi Pranata April 5, 2024
WC Marketplace <= 4.1.3 - Missing Authorization CVE-2024-31304 4.3 LVT-tholv2k April 5, 2024
ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery to Campaign Deletion CVE-2024-3059 4.3 Bob Matyas April 5, 2024
Flexible Checkout Fields for WooCommerce <= 4.1.2 - Missing Authorization CVE-2024-31267 4.3 Dhabaleshwar Das April 5, 2024
WordPress Comments Import & Export <= 2.3.5 - Cross-Site Request Forgery CVE-2024-31235 4.3 Dhabaleshwar Das April 5, 2024
ARForms Form Builder <= 1.6.1 - Missing Authorization CVE-2024-31270 4.3 beluga April 5, 2024
Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure CVE-2024-31252 4.3 emad April 5, 2024
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Nov 28, 2024
Vulns
1 SOPROBRO 84
2 vgo0 58
3 Peter Thaleikis 54
4 Mika 36
5 João Pedro Soares de Alcântara 33
6 Francesco Carlucci 31
7 stealthcopter 21
8 zaim 20
9 theviper17y 15
10 thiennv 14
11 ardias 14
12 Arkadiusz Hydzik 14
13 Colin Xu 14
14 yudha 13
15 zakaria 13
16 Tieu Pham Trong Nhan 12
17 Lucio Sá 12
18 Gab 11
19 Trương Hữu Phúc (truonghuuphuc) 10
20 zer0gh0st 10

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation