💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > vgo0

vgo0

All Time Ranking

192

All Time Discoveries

136

90 Day Published Submissions

3 Jan '25

Last Published Submission

8 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 1-20 of 192 Vulnerabilities

WP Social AutoConnect <= 4.6.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVE-2024-12279

Jan 3, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter

6.1

CVE-2024-12221

Jan 3, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Media Library Assistant <= 3.23 - Reflected Cross-Site Scripting via smc_settings_tab, unattachfixit-action, and woofixit-action Parameters

6.1

CVE-2024-11974

Jan 3, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Compress – Instant Performance & Speed Optimization <= 6.30.03 - Reflected Cross-Site Scripting via custom_server Parameter

6.1

CVE-2024-12047

Jan 3, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Datepicker <= 2.1.4 - Reflected Cross-Site Scripting

6.1

CVE-2024-12468

Dec 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Export Customers Data <= 1.2.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-12405

Dec 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

LaTeX2HTML <= 2.5.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-11688

Dec 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Pingmeter Uptime Monitoring <= 1.0.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-11808

Dec 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVE-2024-11975

Dec 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

G Web Pro Store Locator <= 2.1 - Reflected Cross-Site Scripting

6.1

CVE-2024-11682

Dec 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting

6.1

CVE-2024-11811

Dec 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP on AWS <= 5.2.1 - Reflected Cross-Site Scripting

6.1

CVE-2024-12408

Dec 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

isee-products-extractor <= 2.1.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-11331

Dec 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

PKT1 Centro de envios <= 1.2.1 - Reflected Cross-Site Scripting

6.1

CVE-2024-11806

Dec 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affiliate Program Suite — SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVE-2024-12454

Dec 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter

6.1

CVE-2024-12469

Dec 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter

6.1

CVE-2024-12127

Dec 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation

8.8

CVE-2024-12293

Dec 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

6.1

CVE-2024-12220

Dec 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting

6.1

CVE-2024-12219

Dec 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP Social AutoConnect <= 4.6.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting	CVE-2024-12279	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 3, 2025
Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter	CVE-2024-12221	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 3, 2025
Media Library Assistant <= 3.23 - Reflected Cross-Site Scripting via smc_settings_tab, unattachfixit-action, and woofixit-action Parameters	CVE-2024-11974	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 3, 2025
WP Compress – Instant Performance & Speed Optimization <= 6.30.03 - Reflected Cross-Site Scripting via custom_server Parameter	CVE-2024-12047	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 3, 2025
WP Datepicker <= 2.1.4 - Reflected Cross-Site Scripting	CVE-2024-12468	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 23, 2024
Export Customers Data <= 1.2.3 - Reflected Cross-Site Scripting	CVE-2024-12405	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 23, 2024
LaTeX2HTML <= 2.5.5 - Reflected Cross-Site Scripting	CVE-2024-11688	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 20, 2024
Pingmeter Uptime Monitoring <= 1.0.3 - Reflected Cross-Site Scripting	CVE-2024-11808	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 20, 2024
Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting	CVE-2024-11975	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 20, 2024
G Web Pro Store Locator <= 2.1 - Reflected Cross-Site Scripting	CVE-2024-11682	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 20, 2024
Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting	CVE-2024-11811	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 20, 2024
WP on AWS <= 5.2.1 - Reflected Cross-Site Scripting	CVE-2024-12408	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 20, 2024
isee-products-extractor <= 2.1.3 - Reflected Cross-Site Scripting	CVE-2024-11331	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 19, 2024
PKT1 Centro de envios <= 1.2.1 - Reflected Cross-Site Scripting	CVE-2024-11806	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 19, 2024
Affiliate Program Suite — SliceWP Affiliates <= 1.1.23 - Cross-Site Request Forgery to Reflected Cross-Site Scripting	CVE-2024-12454	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 17, 2024
WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter	CVE-2024-12469	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 16, 2024
Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter	CVE-2024-12127	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 16, 2024
User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation	CVE-2024-12293	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 16, 2024
SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting	CVE-2024-12220	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 16, 2024
Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting	CVE-2024-12219	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 16, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation