WordPress Vulnerability Database

Wordfence Intelligence   >   Vulnerability Database
WordPress Core
WordPress Plugins
WordPress Themes

Search All Vulnerabilities

Tip: You can search by CVE ID, software name or slug, or the researcher name. Expand to read about more advanced search options.

If you want to perform more advanced lookups, you can use keywords to further refine your search.

For example, woocommerce researcher:"chloe chamberland" would search for any vulnerabilities discovered by Chloe Chamberland in software that has WooCommerce in the title.

Keywords are added in keyword:value format. If the value contains spaces, you must enclose it in quotation marks.

You can use the following keywords to add criteria to your search:

title
Searches through the title of each vulnerability for matches.
date
Returns vulnerabilities by publication date. Use YYYY-MM-DD, YYYY-MM or YYYY format.
cvss-rating
Use low, medium, high or critical to limit the search to vulnerabilities with the specified rating.
researcher
Returns vulnerabilities credited to researchers containing the given text.
software
Returns vulnerabilities discovered in software containing the given text.
software-slug
Returns vulnerabilities discovered in software exactly matching the given slug.
software-type
Use plugin, theme or core to limit the search to the specified type of software.
By selecting “Search” you acknowledge that you have read and agree to the Wordfence Intelligence Terms and Conditions.

All Vulnerabilities

Submit Vulnerability
Auberge < 1.4.5 - Cross-Site Scripting
6.1
CVE-2015-9502
May 6, 2015
Researcher: Sucuri Research Team
Freshmail <= 1.5.8 - Multiple SQL Injections
9.8
CVE ID Unknown
May 6, 2015
Researcher: Felipe Molina de la Torre
WordPress Shortcodes Plugin — Shortcodes Ultimate <= 4.9.3 - Cross-Site Scripting
6.1
CVE ID Unknown
May 5, 2015
Researcher: Kacper Szurek
Import CSV or XML Datafeed With Ease <= 3.7.2 - Cross-Site Request Forgery
4.3
CVE-2015-10125
May 5, 2015
Researchers:
WordPress prettyPhoto <= 1.1 - DOM Cross-Site Scripting
6.1
CVE ID Unknown
May 5, 2015
Researchers:
Registration Forms – User Profile, Custom Registration Form, Login Form, Invitation-Based Registrations for WordPress 2.0.14 - 2.0.15 - Authentication Bypass
9.8
CVE ID Unknown
May 4, 2015
Researcher: James Hooker
Pie Register 2.0.14-2.0.15 - SQL Injection
9.8
CVE ID Unknown
May 4, 2015
Researcher: James Hooker
Weekly News < 2.2.9 - Cross-Site Scripting
6.1
CVE-2015-9504
May 3, 2015
Researchers:
Slideshow 2.2.8 - 2.2.21 - Information Exposure
7.5
CVE-2015-3634
May 2, 2015
Researchers:
Ad Inserter – Ad Manager & AdSense Ads < 1.5.3 - Cross-Site Request Forgery to Cross-Site Scripting
8.8
CVE-2015-9497
May 2, 2015
Researcher: Kaustubh G. Padwad
GF Windcave Free <= 1.4.3 - Reflected Cross-Site Scripting
6.1
CVE-2015-10117
May 1, 2015
Researchers:
AA-Team Premium SEO Pack <= 1.8.0 - Local File Disclosure and Arbitrary File Upload
9.8
CVE ID Unknown
May 1, 2015
Researcher: Evex
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Sensitive Information Disclosure
7.5
CVE-2015-3302
Apr 29, 2015
Researcher: High-Tech Bridge Security Research Lab
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Directory Traversal
4.9
CVE-2015-3301
Apr 29, 2015
Researcher: High-Tech Bridge Security Research Lab
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Multiple Cross-Site Scripting
6.1
CVE-2015-3300
Apr 29, 2015
Researcher: High-Tech Bridge Security Research Lab
White Label CMS <= 1.5.2 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting
4.7
CVE ID Unknown
Apr 29, 2015
Researcher: James Hooker
rtMedia for WordPress, BuddyPress and bbPress < 3.7.40 - SQL Injection
9.8
CVE ID Unknown
Apr 28, 2015
Researcher: James Hooker
Link Log – external link click monitor <= 1.4 - HTTP Response Splitting
7.5
CVE-2015-9345
Apr 28, 2015
Researchers:
Exquisite - Ultimate Newspaper Theme <= 1.3.3 - Cross-Site Scripting
6.1
CVE-2015-9500
Apr 28, 2015
Researcher: Osama Mahmood (M4rkm3n)
WordPress Core < 4.2.1 - Cross-Site Scripting via Comments
7.2
CVE-2015-3440
Apr 27, 2015
Researcher: Jouko Pynnöne
Title CVE ID CVSS Researchers Date
Auberge < 1.4.5 - Cross-Site Scripting CVE-2015-9502 6.1 Sucuri Research Team May 6, 2015
Freshmail <= 1.5.8 - Multiple SQL Injections 9.8 Felipe Molina de la Torre May 6, 2015
WordPress Shortcodes Plugin — Shortcodes Ultimate <= 4.9.3 - Cross-Site Scripting 6.1 Kacper Szurek May 5, 2015
Import CSV or XML Datafeed With Ease <= 3.7.2 - Cross-Site Request Forgery CVE-2015-10125 4.3 May 5, 2015
WordPress prettyPhoto <= 1.1 - DOM Cross-Site Scripting 6.1 May 5, 2015
Registration Forms – User Profile, Custom Registration Form, Login Form, Invitation-Based Registrations for WordPress 2.0.14 - 2.0.15 - Authentication Bypass 9.8 James Hooker May 4, 2015
Pie Register 2.0.14-2.0.15 - SQL Injection 9.8 James Hooker May 4, 2015
Weekly News < 2.2.9 - Cross-Site Scripting CVE-2015-9504 6.1 May 3, 2015
Slideshow 2.2.8 - 2.2.21 - Information Exposure CVE-2015-3634 7.5 May 2, 2015
Ad Inserter – Ad Manager & AdSense Ads < 1.5.3 - Cross-Site Request Forgery to Cross-Site Scripting CVE-2015-9497 8.8 Kaustubh G. Padwad May 2, 2015
GF Windcave Free <= 1.4.3 - Reflected Cross-Site Scripting CVE-2015-10117 6.1 May 1, 2015
AA-Team Premium SEO Pack <= 1.8.0 - Local File Disclosure and Arbitrary File Upload 9.8 Evex May 1, 2015
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Sensitive Information Disclosure CVE-2015-3302 7.5 High-Tech Bridge Security Research Lab April 29, 2015
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Directory Traversal CVE-2015-3301 4.9 High-Tech Bridge Security Research Lab April 29, 2015
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Multiple Cross-Site Scripting CVE-2015-3300 6.1 High-Tech Bridge Security Research Lab April 29, 2015
White Label CMS <= 1.5.2 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting 4.7 James Hooker April 29, 2015
rtMedia for WordPress, BuddyPress and bbPress < 3.7.40 - SQL Injection 9.8 James Hooker April 28, 2015
Link Log – external link click monitor <= 1.4 - HTTP Response Splitting CVE-2015-9345 7.5 April 28, 2015
Exquisite - Ultimate Newspaper Theme <= 1.3.3 - Cross-Site Scripting CVE-2015-9500 6.1 Osama Mahmood (M4rkm3n) April 28, 2015
WordPress Core < 4.2.1 - Cross-Site Scripting via Comments CVE-2015-3440 7.2 Jouko Pynnöne April 27, 2015
Submit Vulnerability

Researcher Hall of Fame (Past 30 days)

View All
Rank Name
Vulnerabilities since Nov 26, 2024
Vulns
1 SOPROBRO 109
2 vgo0 62
3 Peter Thaleikis 55
4 João Pedro Soares de Alcântara 37
5 Mika 36
6 Francesco Carlucci 34
7 stealthcopter 22
8 theviper17y 20
9 zaim 20
10 Gab 15
11 thiennv 15
12 ardias 15
13 zakaria 14
14 Colin Xu 14
15 Arkadiusz Hydzik 14
16 yudha 13
17 Tieu Pham Trong Nhan 13
18 Lucio Sá 12
19 LVT-tholv2k 11
20 Trương Hữu Phúc (truonghuuphuc) 11

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation