Wordfence Intelligence   >   Vulnerability Researchers   >   Bob Matyas

Bob Matyas

Organization: Automattic

15
All Time Ranking
239
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 101-120 of 239 Vulnerabilities

WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion
5.4
CVE-2024-3983
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion via 'Delete'
5.4
CVE-2024-2843
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
WP Affiliate Platform <= 6.5.1 - Cross-Site Request Forgery to Afilliate Deletion
5.4
CVE-2024-5285
Jul 8, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
OpenPGP Form Encryption for WordPress <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
5.4
CVE-2024-3919
Jun 22, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Profile Update
5.4
CVE-2024-5287
Jun 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Pet Manager <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
5.4
CVE-2024-3918
May 2, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Post From Frontend <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Post Deletion
5.3
CVE-2024-9689
Oct 15, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion
5.3
CVE-2024-8700
Oct 10, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Chatbot with ChatGPT <= 2.4.4 - Missing Authorization
5.3
CVE-2024-6846
Aug 14, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
KKProgressbar2 Free <= 1.1.4.2 - Cross-Site Request Forgery to Progress Bar Deletion
5.3
CVE-2024-4535
May 6, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Simple Buttons Creator <=1.04 - Cross-Site Request Forgery to Arbitrary Button Deletion
5.3
CVE-2024-2858
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
illi Link Party! <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Link Deletion
5.3
CVE-2023-7231
Jan 23, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Easy Property Listings <= 3.5.3 - Cross-Site Request Forgery
4.7
CVE-2024-3163
Aug 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
YaDisk Files <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-10710
Nov 4, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Backup Database <= 4.9 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-8702
Sep 20, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP ULike <= 4.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-7878
Sep 4, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Logo Manager For Enamad <= 0.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-5170
Aug 27, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Content Copy Protection & No Right Click (PRO) <= 15.0 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-6693
Aug 20, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Pocket Widget <= 0.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-7918
Aug 19, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
NinjaTeam Header Footer Custom Code < 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via CSS Styles
4.4
CVE-2024-6617
Aug 15, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion CVE-2024-3983 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L July 11, 2024
WooCommerce Customers Manager < 30.1 - Cross-Site Request Forgery to Customer Deletion via 'Delete' CVE-2024-2843 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L July 11, 2024
WP Affiliate Platform <= 6.5.1 - Cross-Site Request Forgery to Afilliate Deletion CVE-2024-5285 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N July 8, 2024
OpenPGP Form Encryption for WordPress <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-3919 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N June 22, 2024
WP Affiliate Platform < 6.5.1 - Cross-Site Request Forgery to Profile Update CVE-2024-5287 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N June 22, 2024
Pet Manager <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-3918 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N May 2, 2024
Post From Frontend <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Post Deletion CVE-2024-9689 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N October 15, 2024
Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion CVE-2024-8700 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N October 10, 2024
Chatbot with ChatGPT <= 2.4.4 - Missing Authorization CVE-2024-6846 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 14, 2024
KKProgressbar2 Free <= 1.1.4.2 - Cross-Site Request Forgery to Progress Bar Deletion CVE-2024-4535 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 6, 2024
Simple Buttons Creator <=1.04 - Cross-Site Request Forgery to Arbitrary Button Deletion CVE-2024-2858 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N March 25, 2024
illi Link Party! <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Link Deletion CVE-2023-7231 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N January 23, 2024
Easy Property Listings <= 3.5.3 - Cross-Site Request Forgery CVE-2024-3163 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N August 22, 2024
YaDisk Files <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-10710 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N November 4, 2024
Backup Database <= 4.9 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-8702 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 20, 2024
WP ULike <= 4.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-7878 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 4, 2024
Logo Manager For Enamad <= 0.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-5170 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 27, 2024
WP Content Copy Protection & No Right Click (PRO) <= 15.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-6693 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 20, 2024
Pocket Widget <= 0.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-7918 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 19, 2024
NinjaTeam Header Footer Custom Code < 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via CSS Styles CVE-2024-6617 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 15, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation