cydave

43
All Time Ranking
89
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 41-60 of 89 Vulnerabilities

Title CVE ID CVSS Vector Date
Infographic Maker – iList <= 4.3.7 - SQL Injection CVE-2022-0747 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 28, 2022
Simple Link Directory <= 7.7.1 - Unauthenticated SQL Injection CVE-2022-0760 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 28, 2022
Advanced Booking Calendar <= 1.6.9 - Unauthenticated SQL Injection CVE-2022-0694 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 28, 2022
BookingPress < 1.0.11 - SQL Injection CVE-2022-0739 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 28, 2022
CommonsBooking < 2.6.8 - Unauthenticated SQL Injection CVE-2022-0658 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 21, 2022
Images Optimize and Upload CF7 <= 2.1.4 - Missing Authorization to Arbitrary File Deletion CVE-2022-4101 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H December 21, 2022
Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload CVE-2022-4047 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 25, 2022
User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2022-3912 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 21, 2022
Directorist <= 7.4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change CVE-2022-3930 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 21, 2022
BadgeOS <= 3.7.1.2 - Authenticated (Subscriber+) SQL Injection CVE-2022-2958 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 23, 2022
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload CVE-2022-1952 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 13, 2022
Wholesale Market <= 2.2.0 - Information Disclosure via Unauthenticated Arbitrary File Download CVE-2022-4298 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N December 12, 2022
Product Filter For WooCommerce Product <= 1.3.1 - Unauthenticated SQL Injection 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N April 14, 2022
Narnoo Distributor <= 2.5.1 - Path Traversal CVE-2022-0679 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N March 1, 2022
Web To Print Shop : uDraw <= 3.3.3 - Unauthenticated Arbitrary File Access CVE-2022-0656 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N April 13, 2022
Pardakht Delkhah <= 2.9.2 - Unauthenticated Stored Cross-Site Scripting CVE-2022-4307 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N December 27, 2022
WP AutoComplete Search <= 1.0.4 - Unauthenticated SQL Injection CVE-2022-4297 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H December 12, 2022
Awin Data Feed <= 1.7 - Unauthenticated Stored Cross-Site Scripting CVE-2022-1938 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N June 16, 2022
SearchIQ – The Search Solution <= 3.8 - Unauthenticated Stored Cross-Site Scripting CVE-2022-0780 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 11, 2022
WooCommerce Affiliate Plugin - Coupon Affiliates < 4.16.4.5 - Stored Cross-Site Scripting CVE-2022-0818 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N March 2, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation