🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > Abdi Pranata

Abdi Pranata

All Time Ranking

300

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Showing 101-120 of 300 Vulnerabilities

Acme Fix Images <= 1.0.0 - Missing Authorization via acme_fix_images_ajax_callback

5.3

CVE-2023-47793

Nov 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WPCafe <= 2.2.22 - Missing Authorization

5.3

CVE-2023-47805

Nov 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Events Addon for Elementor <= 2.1.2 - Missing Authorization

5.3

CVE-2023-47827

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Welcome Email Editor <= 5.0.5 - Missing Authorization via ajax_handler

5.3

CVE-2023-47756

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Ditty <= 3.1.24 - Missing Authorization via save_ditty_permissions_check

5.3

CVE-2023-47764

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Seers <= 8.1.1 - Missing Authorization via multiple AJAX actions

5.3

CVE-2023-47515

Nov 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Generate Dummy Posts <= 1.0.0 - Missing Authorization

5.3

CVE-2023-46637

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Broken Link Checker | Finder <= 2.4.2 - Missing Authorization via moblc_auth_save_settings

5.3

CVE-2023-46082

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Block Plugin Update <= 3.3.1 - Cross-Site Request Forgery via bspu_plugin_select.php

5.3

CVE-2023-44261

Sep 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WRC Pricing Tables <= 2.3.7 - Missing Authorization

5.3

CVE-2023-32293

Sep 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

TelSender <= 1.14.11 - Missing Authorization

5.3

CVE-2023-41683

Sep 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WiserNotify Social Proof <= 2.5 - Missing Authorization

5.3

CVE-2023-41690

Sep 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Void Elementor Post Grid Addon for Elementor Page builder <= 2.1.10 - Missing Authorization to Review Notice Dismissal

5.3

CVE-2023-48750

Aug 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Simple Org Chart <= 2.3.4 - Missing Authorization

5.3

CVE-2023-40603

Aug 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal

5.3

CVE-2023-40200

Aug 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WP Clone Menu <= 1.0.1 - Missing Authorization to Menu Clone

5.3

CVE-2023-38395

Jul 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Instant CSS <= 1.1.4 - Missing Authorization via AJAX Actions

5.3

CVE-2023-38483

Jul 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Yet Another Stars Rating <= 3.3.8 - Missing Authorization to Vote Tampering

5.3

CVE-2023-37867

Jul 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Cryptocurrency Widgets – Price Ticker & Coins List <= 2.6.2 - Missing Authorization

5.3

CVE-2023-36681

Jul 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

BBS e-Popup <= 2.4.5 - Missing Authorization

5.3

CVE-2023-36504

Jun 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Acme Fix Images <= 1.0.0 - Missing Authorization via acme_fix_images_ajax_callback	CVE-2023-47793	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 15, 2023
WPCafe <= 2.2.22 - Missing Authorization	CVE-2023-47805	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 15, 2023
Events Addon for Elementor <= 2.1.2 - Missing Authorization	CVE-2023-47827	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 14, 2023
Welcome Email Editor <= 5.0.5 - Missing Authorization via ajax_handler	CVE-2023-47756	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 13, 2023
Ditty <= 3.1.24 - Missing Authorization via save_ditty_permissions_check	CVE-2023-47764	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 13, 2023
Seers <= 8.1.1 - Missing Authorization via multiple AJAX actions	CVE-2023-47515	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 7, 2023
Generate Dummy Posts <= 1.0.0 - Missing Authorization	CVE-2023-46637	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	October 25, 2023
Broken Link Checker \| Finder <= 2.4.2 - Missing Authorization via moblc_auth_save_settings	CVE-2023-46082	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	October 16, 2023
Block Plugin Update <= 3.3.1 - Cross-Site Request Forgery via bspu_plugin_select.php	CVE-2023-44261	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 27, 2023
WRC Pricing Tables <= 2.3.7 - Missing Authorization	CVE-2023-32293	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 4, 2023
TelSender <= 1.14.11 - Missing Authorization	CVE-2023-41683	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 4, 2023
WiserNotify Social Proof <= 2.5 - Missing Authorization	CVE-2023-41690	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 4, 2023
Void Elementor Post Grid Addon for Elementor Page builder <= 2.1.10 - Missing Authorization to Review Notice Dismissal	CVE-2023-48750	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	August 21, 2023
Simple Org Chart <= 2.3.4 - Missing Authorization	CVE-2023-40603	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	August 17, 2023
Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal	CVE-2023-40200	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	August 16, 2023
WP Clone Menu <= 1.0.1 - Missing Authorization to Menu Clone	CVE-2023-38395	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 24, 2023
Instant CSS <= 1.1.4 - Missing Authorization via AJAX Actions	CVE-2023-38483	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 24, 2023
Yet Another Stars Rating <= 3.3.8 - Missing Authorization to Vote Tampering	CVE-2023-37867	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 10, 2023
Cryptocurrency Widgets – Price Ticker & Coins List <= 2.6.2 - Missing Authorization	CVE-2023-36681	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 4, 2023
BBS e-Popup <= 2.4.5 - Missing Authorization	CVE-2023-36504	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	June 23, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation