Wordfence Intelligence   >   Vulnerability Researchers   >   Bob Matyas

Bob Matyas

Organization: Automattic

15
All Time Ranking
239
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 141-160 of 239 Vulnerabilities

CB (legacy) <= 0.9.4.18 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-4381
May 31, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
CSSable Countdown <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-4384
May 31, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Social Pixel <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-4005
May 24, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WordPress Jitsi Shortcode <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-3977
May 24, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Amen <= 3.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-3992
May 24, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Backpack <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-4756
May 17, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
ARforms <= 6.5 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-4621
May 17, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Flattr <= 1.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-3920
May 2, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Sailthru Triggermail <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-4290
Apr 30, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Popup4Phone <= 1.3.2 - Authenticated (Editor+) Stored Cross-Site Scripting
4.4
CVE-2024-3580
Apr 26, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Newsletter Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-3644
Apr 25, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
HL Twitter <= 2014.1.18 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-3630
Apr 24, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
month name translation benaceur <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-3634
Apr 24, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via License Field
4.4
CVE-2024-0904
Apr 15, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
MF Gig Calendar <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-3755
Apr 15, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Crelly Slider <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-3752
Apr 15, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Smart Forms – when you need more than just a contact form <= 2.9.95 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-1905
Apr 8, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting via Email Settings
4.4
CVE-2024-2603
Apr 5, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
NPS computy <= 2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-1754
Mar 25, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via Product Title
4.4
CVE-2024-0902
Mar 25, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
CB (legacy) <= 0.9.4.18 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-4381 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 31, 2024
CSSable Countdown <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-4384 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 31, 2024
Social Pixel <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-4005 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 24, 2024
WordPress Jitsi Shortcode <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-3977 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 24, 2024
Amen <= 3.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-3992 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 24, 2024
WP Backpack <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-4756 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 17, 2024
ARforms <= 6.5 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-4621 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 17, 2024
Flattr <= 1.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-3920 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 2, 2024
Sailthru Triggermail <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-4290 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 30, 2024
Popup4Phone <= 1.3.2 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2024-3580 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 26, 2024
Newsletter Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-3644 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 25, 2024
HL Twitter <= 2014.1.18 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-3630 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 24, 2024
month name translation benaceur <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-3634 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 24, 2024
Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via License Field CVE-2024-0904 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 15, 2024
MF Gig Calendar <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-3755 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 15, 2024
Crelly Slider <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-3752 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 15, 2024
Smart Forms – when you need more than just a contact form <= 2.9.95 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-1905 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 8, 2024
Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting via Email Settings CVE-2024-2603 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 5, 2024
NPS computy <= 2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-1754 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 25, 2024
Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via Product Title CVE-2024-0902 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 25, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation