Brandon James Roldan (tomorrowisnew)

48
All Time Ranking
80
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 41-60 of 80 Vulnerabilities

Title CVE ID CVSS Vector Date
Rate my Post – WP Rating System <= 3.4.2 - IP Address Spoofing CVE-2023-51667 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N December 27, 2023
WP Photo Album Plus <= 8.5.02.005 - IP Spoofing CVE-2023-49774 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N December 5, 2023
LiveChat <= 4.5.15 - Cross-Site Request Forgery CVE-2023-49821 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N December 5, 2023
WOOCS – WooCommerce Currency Switcher <= 1.4.1.4 - Cross-Site Request Forgery via delete_profiles_data CVE-2023-49834 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L December 5, 2023
Business Directory Plugin <= 6.3.10 - Cross-Site Request Forgery CVE-2023-5803 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N November 28, 2023
Ecwid Ecommerce Shopping Cart <= 6.12.4 - Cross-Site Request Forgery CVE-2023-51533 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N November 28, 2023
Qode Essential Addons <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation CVE-2023-47840 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N November 27, 2023
Legal Pages <= 1.3.8 - Cross-Site Request Forgery via moveToTrash and fetch_and_insert_template_data CVE-2023-47824 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L November 16, 2023
Profile Builder <= 3.10.3 - Cross-Site Request Forgery via pms-cross-promotion.php CVE-2023-47669 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L November 7, 2023
Top 10 <= 3.3.2 - Cross-Site Request Forgery via edit_count_ajax CVE-2023-47238 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N November 3, 2023
Auto Publish for Google My Business <= 3.7 - Cross-Site Request Forgery CVE-2023-47237 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L November 2, 2023
Kadence WooCommerce Email Designer <= 1.5.11 - Cross-Site Request Forgery CVE-2023-47186 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N November 2, 2023
Newsmag <= 2.4.4 - Reflected Cross-Site Scripting CVE-2023-28493 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N March 16, 2023
Activello <= 1.4.4 - Reflected Cross-Site Scripting CVE-2022-45358 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N November 23, 2022
Activello <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2022-45849 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N November 23, 2022
Media Library Assistant <= 3.00 - Information Disclosure CVE-2022-41618 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N September 29, 2022
wpForo Forum <= 2.0.5 - Cross-Site Request Forgery CVE-2022-38144 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H September 8, 2022
wpForo Forum <= 2.0.5 - Cross-Site Request Forgery CVE-2022-40632 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H September 8, 2022
WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Read CVE-2022-35235 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N August 9, 2022
MultiSafepay plugin for WooCommerce <= 4.15.0 - Arbitrary File Read CVE-2022-33901 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N July 18, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation