WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Wordfence Security – Firewall & Malware Scan

2022-09-07
Wordfence < 7.6.1 - Admin+ Stored Cross-Site Scripting
Fixed in version 7.6.1
2018-10-02
Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass
Fixed in version 7.1.14
2014-12-08
Wordfence <= 5.1.4 - Cross-Site Scripting (XSS)
Fixed in version 5.1.5
2014-12-01
Wordfence 5.2.2 - XSS in Referer Header
Fixed in version 5.2.3
2014-10-07
Wordfence <= 5.2.4 - Multiple Vulnerabilities (XSS & Bypasses)
Fixed in version 5.2.5
2014-09-27
Wordfence 5.2.3 - Multiple Vulnerabilities
Fixed in version 5.2.4
2014-09-22
Wordfence 5.2.3 - Banned IP Functionality Bypass
Fixed in version 5.2.4
2014-09-22
Wordfence 5.2.4 - IPTraf.php URI Request Stored XSS
Fixed in version 5.2.5
2014-09-22
Wordfence 5.2.4 - Unspecified Issue
Fixed in version 5.2.5
2014-08-01
Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS
Fixed in version 3.8.3
2014-08-01
Wordfence 3.3.5 - XSS & IAA
Fixed in version 3.3.7
2014-08-01
Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS
Fixed in version 3.8.7
2014-08-01
Wordfence 3.8.1 - Password Creation Restriction Bypass
Fixed in version 3.8.3