Wordfence Intelligence   >   Vulnerability Researchers   >   Ananda Dhakal

Ananda Dhakal

58
All Time Ranking
55
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 21-40 of 55 Vulnerabilities

ReDi Restaurant Reservation <= 24.0422 - Missing Authorization
5.3
CVE-2024-38737
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Plum: Spin Wheel & Email Pop-up <= 2.0 - Missing Authorization
5.3
CVE-2024-38743
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
WP Travel Engine <= 5.8.0 - Unauthenticated Price Manipulation
5.3
CVE-2024-32798
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
BP Better Messages <= 2.4.32 - Missing Authorization
5.3
CVE-2024-32802
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery
5.3
CVE-2024-32105
Apr 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure
5.3
CVE-2024-31353
Apr 7, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Profile Builder <= 3.11.2 - Restricted Email Bypass
5.3
CVE-2024-31341
Apr 5, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Database Cleaner <= 1.0.5 - Authenticated (Admin+) Arbitrary File Read
4.9
CVE-2024-35712
Jun 6, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Football Pool <= 2.11.10 - Authenticated (Editor+) Stored Cross-Site Scripting
4.4
CVE-2024-43130
Aug 7, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Fluent CRM <= 2.8.44 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-30430
Mar 28, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
JobSearch <= 2.5.3 - Cross-Site Request Forgery
4.3
CVE-2024-43930
Aug 26, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
LatePoint <= 4.9.91 - Cross-Site Request Forgery
4.3
CVE-2024-43945
Aug 26, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
JobSearch <= 2.5.4 - Missing Authorization
4.3
CVE-2024-43928
Aug 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Brave Popup Builder <= 0.7.0 - Cross-Site Request Forgery
4.3
CVE-2024-43337
Aug 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
wpForo Forum <= 2.3.4 - Authenticated (Subscriber+) Insecure Direct Object Reference
4.3
CVE-2024-43288
Aug 16, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Flash & HTML5 Video <= 2.5.31 - Authenticated (Subscriber+) Information Exposure
4.3
CVE-2024-43319
Aug 16, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
WP User Manager <= 2.9.10 - Cross-Site Request Forgery
4.3
CVE-2024-43336
Aug 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WP Data Access <= 5.5.7 - Cross-Site Request Forgery
4.3
CVE-2024-43295
Aug 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AFI – The Easiest Integration Plugin <= 1.89.4 - Cross-Site Request Forgery
4.3
CVE-2024-43340
Aug 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Clone <= 2.4.5 - Missing Authorization
4.3
CVE-2024-43298
Aug 16, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Title CVE ID CVSS Vector Date
ReDi Restaurant Reservation <= 24.0422 - Missing Authorization CVE-2024-38737 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N July 11, 2024
Plum: Spin Wheel & Email Pop-up <= 2.0 - Missing Authorization CVE-2024-38743 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N July 11, 2024
WP Travel Engine <= 5.8.0 - Unauthenticated Price Manipulation CVE-2024-32798 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 22, 2024
BP Better Messages <= 2.4.32 - Missing Authorization CVE-2024-32802 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 22, 2024
ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery CVE-2024-32105 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 11, 2024
Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure CVE-2024-31353 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 7, 2024
Profile Builder <= 3.11.2 - Restricted Email Bypass CVE-2024-31341 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 5, 2024
Database Cleaner <= 1.0.5 - Authenticated (Admin+) Arbitrary File Read CVE-2024-35712 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N June 6, 2024
Football Pool <= 2.11.10 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2024-43130 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 7, 2024
Fluent CRM <= 2.8.44 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-30430 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 28, 2024
JobSearch <= 2.5.3 - Cross-Site Request Forgery CVE-2024-43930 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N August 26, 2024
LatePoint <= 4.9.91 - Cross-Site Request Forgery CVE-2024-43945 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N August 26, 2024
JobSearch <= 2.5.4 - Missing Authorization CVE-2024-43928 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N August 26, 2024
Brave Popup Builder <= 0.7.0 - Cross-Site Request Forgery CVE-2024-43337 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N August 16, 2024
wpForo Forum <= 2.3.4 - Authenticated (Subscriber+) Insecure Direct Object Reference CVE-2024-43288 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N August 16, 2024
Flash & HTML5 Video <= 2.5.31 - Authenticated (Subscriber+) Information Exposure CVE-2024-43319 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N August 16, 2024
WP User Manager <= 2.9.10 - Cross-Site Request Forgery CVE-2024-43336 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N August 16, 2024
WP Data Access <= 5.5.7 - Cross-Site Request Forgery CVE-2024-43295 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N August 16, 2024
AFI – The Easiest Integration Plugin <= 1.89.4 - Cross-Site Request Forgery CVE-2024-43340 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N August 16, 2024
Clone <= 2.4.5 - Missing Authorization CVE-2024-43298 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N August 16, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation