Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > Ananda Dhakal

Ananda Dhakal

All Time Ranking

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Is this you? Register as a researcher today to add more public profile details here!

Showing 41-60 of 86 Vulnerabilities

WP Travel Engine <= 5.8.0 - Unauthenticated Price Manipulation

5.3

CVE-2024-32798

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery

5.3

CVE-2024-32105

Apr 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2024-31353

Apr 7, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Profile Builder <= 3.11.2 - Restricted Email Bypass

5.3

CVE-2024-31341

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Database Cleaner <= 1.0.5 - Authenticated (Admin+) Arbitrary File Read

4.9

CVE-2024-35712

Jun 6, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Football Pool <= 2.11.10 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVE-2024-43130

Aug 7, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Fluent CRM <= 2.8.44 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-30430

Mar 28, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Conversios.io <= 7.2.3 - Missing Authorization

4.3

CVE-2025-30909

Mar 27, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Booknetic <= 4.0.9 - Cross-Site Request Forgery

4.3

CVE-2025-26926

Feb 24, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Pie Register Premium <= 3.8.3.2 - Missing Authorization

4.3

CVE-2025-26948

Feb 24, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Bridge Core <= 3.3 - Missing Authorization

4.3

CVE-2025-24744

Jan 24, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Houzez <= 3.4.0 - Missing Authorization

4.3

CVE-2025-24754

Jan 24, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Product Size Charts Plugin for WooCommerce <= 2.4.5 - Missing Authorization

4.3

CVE-2025-23991

Jan 24, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Really Simple SSL <= 9.1.4 - Cross-Site Request Forgery

4.3

CVE-2025-24623

Jan 24, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

SendGrid for WordPress <= 1.4 - Missing Authorization

4.3

CVE-2025-23423

Jan 16, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Avada <= 7.11.10 - Cross-Site Request Forgery

4.3

CVE-2024-54357

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization

4.3

CVE-2024-53816

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Jobify - Job Board WordPress Theme <= 4.2.3 - Cross-Site Request Forgery

4.3

CVE-2024-52479

Nov 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Disable Admin Notices individually <= 1.3.6 - Cross-Site Request Forgery

4.3

CVE-2024-52420

Nov 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Dynamic Widgets <= 1.6.4 - Cross-Site Request Forgery

4.3

CVE-2024-51669

Nov 1, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP Travel Engine <= 5.8.0 - Unauthenticated Price Manipulation	CVE-2024-32798	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 22, 2024
ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery	CVE-2024-32105	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 11, 2024
Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure	CVE-2024-31353	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	April 7, 2024
Profile Builder <= 3.11.2 - Restricted Email Bypass	CVE-2024-31341	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 5, 2024
Database Cleaner <= 1.0.5 - Authenticated (Admin+) Arbitrary File Read	CVE-2024-35712	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	June 6, 2024
Football Pool <= 2.11.10 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-43130	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 7, 2024
Fluent CRM <= 2.8.44 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-30430	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 28, 2024
Conversios.io <= 7.2.3 - Missing Authorization	CVE-2025-30909	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	March 27, 2025
Booknetic <= 4.0.9 - Cross-Site Request Forgery	CVE-2025-26926	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 24, 2025
Pie Register Premium <= 3.8.3.2 - Missing Authorization	CVE-2025-26948	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	February 24, 2025
Bridge Core <= 3.3 - Missing Authorization	CVE-2025-24744	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 24, 2025
Houzez <= 3.4.0 - Missing Authorization	CVE-2025-24754	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 24, 2025
Product Size Charts Plugin for WooCommerce <= 2.4.5 - Missing Authorization	CVE-2025-23991	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 24, 2025
Really Simple SSL <= 9.1.4 - Cross-Site Request Forgery	CVE-2025-24623	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 24, 2025
SendGrid for WordPress <= 1.4 - Missing Authorization	CVE-2025-23423	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 16, 2025
Avada <= 7.11.10 - Cross-Site Request Forgery	CVE-2024-54357	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 11, 2024
Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization	CVE-2024-53816	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 2, 2024
Jobify - Job Board WordPress Theme <= 4.2.3 - Cross-Site Request Forgery	CVE-2024-52479	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 18, 2024
Disable Admin Notices individually <= 1.3.6 - Cross-Site Request Forgery	CVE-2024-52420	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 13, 2024
Dynamic Widgets <= 1.6.4 - Cross-Site Request Forgery	CVE-2024-51669	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 1, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Ananda Dhakal

Showing 41-60 of 86 Vulnerabilities

Share this researcher's vulnerability discoveries

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting