🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > Abdi Pranata

Abdi Pranata

All Time Ranking

300

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Showing 201-220 of 300 Vulnerabilities

Responsive Slick Slider WordPress <= 1.4 - Authenticated (Contributor+) Content Injection

4.3

CVE-2023-49852

Dec 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Elementor Timeline Widget <= 2.2 - Missing Authorization to Notice Dismissal

4.3

CVE-2023-49755

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Booking System <= 2.0.19.2 - Missing Authorization

4.3

CVE-2023-49758

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Eventin <= 3.3.52 - Missing Authorization

4.3

CVE-2023-49756

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Quotes for WooCommerce <= 2.0.1 - Missing Authorization

4.3

CVE-2023-51680

Nov 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

GoDaddy Email Marketing <= 1.4.3 - Missing Authorization

4.3

CVE-2023-49156

Nov 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

IdeaPush <= 8.57 - Missing Authorization

4.3

CVE-2023-48774

Nov 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Easy Social Feed <= 6.5.1 - Missing Authorization via hide_free_sidebar()

4.3

CVE-2023-48740

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Mail Bank - #1 Mail SMTP Plugin for WordPress <= 4.0.14 - Missing Authorization

4.3

CVE-2023-48332

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WCMultiShipping <= 2.3.5 - Missing Authorization to Log Export

4.3

CVE-2023-48274

Nov 21, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Analytify Dashboard <= 5.1.1 - Cross-Site Request Forgery

4.3

CVE-2023-47841

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Conditional Fields for Contact Form 7 <= 2.4.1 - Missing Authorization

4.3

CVE-2023-47838

Nov 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

10WebAnalytics <= 1.2.12 - Missing Authorization via gawd_wd_bp_install_notice_status

4.3

CVE-2023-47807

Nov 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

wpMandrill <= 1.33 - Missing Authorization via getAjaxStats

4.3

CVE-2023-47828

Nov 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EasyAzon – Amazon Associates Affiliate <= 5.1.0 - Missing Authorization on AJAX actions

4.3

CVE-2023-47780

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

miniorange otp verification <= 4.2.1 - Missing Authorization via dismiss_notice

4.3

CVE-2023-47776

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

LuckyWP Scripts Control <= 1.2.1 - Missing Authorization

4.3

CVE-2023-47778

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Conditional Fields for Contact Form 7 <= 2.4.0 - Missing Authorization

4.3

CVE ID Unknown

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Big File Uploads <= 2.1.1 - Cross-Site Request Forgery via actions

4.3

CVE-2023-47792

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Essential Blocks for Gutenberg <= 4.2.0 - Missing Authorization via AJAX actions

4.3

CVE-2023-47760

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Responsive Slick Slider WordPress <= 1.4 - Authenticated (Contributor+) Content Injection	CVE-2023-49852	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 7, 2023
Elementor Timeline Widget <= 2.2 - Missing Authorization to Notice Dismissal	CVE-2023-49755	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 4, 2023
WP Booking System <= 2.0.19.2 - Missing Authorization	CVE-2023-49758	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 4, 2023
Eventin <= 3.3.52 - Missing Authorization	CVE-2023-49756	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 4, 2023
Quotes for WooCommerce <= 2.0.1 - Missing Authorization	CVE-2023-51680	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 30, 2023
GoDaddy Email Marketing <= 1.4.3 - Missing Authorization	CVE-2023-49156	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	November 28, 2023
IdeaPush <= 8.57 - Missing Authorization	CVE-2023-48774	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 28, 2023
Easy Social Feed <= 6.5.1 - Missing Authorization via hide_free_sidebar()	CVE-2023-48740	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 23, 2023
Mail Bank - #1 Mail SMTP Plugin for WordPress <= 4.0.14 - Missing Authorization	CVE-2023-48332	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 23, 2023
WCMultiShipping <= 2.3.5 - Missing Authorization to Log Export	CVE-2023-48274	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	November 21, 2023
Analytify Dashboard <= 5.1.1 - Cross-Site Request Forgery	CVE-2023-47841	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 20, 2023
Conditional Fields for Contact Form 7 <= 2.4.1 - Missing Authorization	CVE-2023-47838	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 16, 2023
10WebAnalytics <= 1.2.12 - Missing Authorization via gawd_wd_bp_install_notice_status	CVE-2023-47807	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 16, 2023
wpMandrill <= 1.33 - Missing Authorization via getAjaxStats	CVE-2023-47828	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	November 16, 2023
EasyAzon – Amazon Associates Affiliate <= 5.1.0 - Missing Authorization on AJAX actions	CVE-2023-47780	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 14, 2023
miniorange otp verification <= 4.2.1 - Missing Authorization via dismiss_notice	CVE-2023-47776	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 14, 2023
LuckyWP Scripts Control <= 1.2.1 - Missing Authorization	CVE-2023-47778	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 14, 2023
Conditional Fields for Contact Form 7 <= 2.4.0 - Missing Authorization		4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 14, 2023
Big File Uploads <= 2.1.1 - Cross-Site Request Forgery via actions	CVE-2023-47792	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 14, 2023
Essential Blocks for Gutenberg <= 4.2.0 - Missing Authorization via AJAX actions	CVE-2023-47760	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 13, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation