Wordfence Intelligence   >   Vulnerability Researchers   >   Bob Matyas

Bob Matyas

Organization: Automattic

15
All Time Ranking
239
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 1-20 of 239 Vulnerabilities

YaDisk Files <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-10710
Nov 4, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
YaDisk Files <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
7.4
CVE-2024-10709
Nov 4, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Media Library Tools <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2024-10482
Oct 31, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Post From Frontend <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Post Deletion
5.3
CVE-2024-9689
Oct 15, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion
5.3
CVE-2024-8700
Oct 10, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Backup Database <= 4.9 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-8702
Sep 20, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
GDPR Cookie Consent <= 2.6.0 - Cross-Site Request Forgery to Bulk Delete
4.3
CVE-2024-8286
Sep 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WP ULike <= 4.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-7878
Sep 4, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Logo Manager For Enamad <= 0.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-5170
Aug 27, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Misiek Photo Album <= 1.4.3 - Cross-Site Request Forgery to Album Deletion
4.3
CVE-2024-7817
Aug 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Music Request Manager <= 1.3 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2024-6019
Aug 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Music Request Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-6017
Aug 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Music Request Manager <= 1.3 - Reflected Cross-Site Scripting
6.1
CVE-2024-6018
Aug 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
MM-Breaking News <= 0.7.9 - Reflected Cross-Site Scripting
6.1
CVE-2024-8056
Aug 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Easy Property Listings <= 3.5.3 - Cross-Site Request Forgery
4.7
CVE-2024-3163
Aug 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
WP Content Copy Protection & No Right Click (PRO) <= 15.0 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-6693
Aug 20, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
AZIndex <= 0.8.1 - Cross-Site Request Forgery to Index Deletion
4.3
CVE-2024-7688
Aug 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AZIndex <= 0.8.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-7687
Aug 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Pocket Widget <= 0.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-7918
Aug 19, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Snapshot Backup <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-7689
Aug 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
YaDisk Files <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-10710 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N November 4, 2024
YaDisk Files <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-10709 7.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L November 4, 2024
Media Library Tools <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2024-10482 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 31, 2024
Post From Frontend <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Post Deletion CVE-2024-9689 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N October 15, 2024
Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion CVE-2024-8700 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N October 10, 2024
Backup Database <= 4.9 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-8702 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 20, 2024
GDPR Cookie Consent <= 2.6.0 - Cross-Site Request Forgery to Bulk Delete CVE-2024-8286 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N September 16, 2024
WP ULike <= 4.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-7878 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 4, 2024
Logo Manager For Enamad <= 0.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-5170 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 27, 2024
Misiek Photo Album <= 1.4.3 - Cross-Site Request Forgery to Album Deletion CVE-2024-7817 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N August 22, 2024
Music Request Manager <= 1.3 - Unauthenticated Stored Cross-Site Scripting CVE-2024-6019 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N August 22, 2024
Music Request Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-6017 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 22, 2024
Music Request Manager <= 1.3 - Reflected Cross-Site Scripting CVE-2024-6018 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 22, 2024
MM-Breaking News <= 0.7.9 - Reflected Cross-Site Scripting CVE-2024-8056 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 22, 2024
Easy Property Listings <= 3.5.3 - Cross-Site Request Forgery CVE-2024-3163 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N August 22, 2024
WP Content Copy Protection & No Right Click (PRO) <= 15.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-6693 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 20, 2024
AZIndex <= 0.8.1 - Cross-Site Request Forgery to Index Deletion CVE-2024-7688 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N August 19, 2024
AZIndex <= 0.8.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-7687 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 19, 2024
Pocket Widget <= 0.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-7918 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 19, 2024
Snapshot Backup <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-7689 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 19, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation