🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers, top-tier researchers earn automatic bonuses of between 10% to 120% for valid submissions, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > Daniel Ruf

Daniel Ruf

All Time Ranking

154

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Showing 141-154 of 154 Vulnerabilities

Database Backup for WordPress <= 2.5.1 - Cross-Site Request Forgery to Settings Update

8.8

CVE-2022-1577

May 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Change WP Admin Login <= 1.0.9 - Missing Authorization Checks

5.4

CVE-2022-1589

May 9, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N

External Links in New Window / New Tab <= 1.42 - Tabnabbing

6.5

CVE-2022-1583

May 9, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Bulk Page Creator <= 1.1.3 - Cross-Site Request Forgery to Arbitrary Page Creation

8.8

CVE-2022-1611

May 9, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

RSFirewall! <= 1.1.24 - IP Address Spoofing

6.5

CVE-2021-4226

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

RSVP and Event Management <= 2.7.7 - Unauthenticated Sensitive Information Disclosure

5.3

CVE-2022-1054

Apr 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

FloLaunch <= 2.4 - Missing Authorization

9.8

CVE-2022-0541

Mar 29, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Blackhole for Bad Bots <= 3.3.1 - Arbitrary IP Address Blocking via IP Spoofing

9.1

CVE-2022-1165

Jan 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

WPS Hide Login <= 1.9.0 - Hidden Login Page Location Disclosure

5.3

CVE-2021-24917

Oct 27, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Wyzi - Social Directory WordPress Theme <= 2.4.2 - Reflected Cross-Site Scripting

6.1

CVE-2022-1164

Feb 6, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Noo JobMonster <= 4.6.6 - Sensitive Information Disclosure via Directory Listing

5.3

CVE-2022-1166

Sep 11, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WP JobSearch < 1.5.1 - Reflected Cross-Site Scripting

7.1

CVE-2022-1168

Jun 3, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Careerfy < 3.9.0 - Cross-Site Scripting

6.1

CVE-2022-1169

Jun 3, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Noo JobMonster < 4.5.2.9 - Reflected Cross-Site Scripting

6.1

CVE-2022-1170

Oct 24, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Database Backup for WordPress <= 2.5.1 - Cross-Site Request Forgery to Settings Update	CVE-2022-1577	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	May 11, 2022
Change WP Admin Login <= 1.0.9 - Missing Authorization Checks	CVE-2022-1589	5.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N	May 9, 2022
External Links in New Window / New Tab <= 1.42 - Tabnabbing	CVE-2022-1583	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	May 9, 2022
Bulk Page Creator <= 1.1.3 - Cross-Site Request Forgery to Arbitrary Page Creation	CVE-2022-1611	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	May 9, 2022
RSFirewall! <= 1.1.24 - IP Address Spoofing	CVE-2021-4226	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 13, 2022
RSVP and Event Management <= 2.7.7 - Unauthenticated Sensitive Information Disclosure	CVE-2022-1054	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	April 11, 2022
FloLaunch <= 2.4 - Missing Authorization	CVE-2022-0541	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 29, 2022
Blackhole for Bad Bots <= 3.3.1 - Arbitrary IP Address Blocking via IP Spoofing	CVE-2022-1165	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	January 31, 2022
WPS Hide Login <= 1.9.0 - Hidden Login Page Location Disclosure	CVE-2021-24917	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 27, 2021
Wyzi - Social Directory WordPress Theme <= 2.4.2 - Reflected Cross-Site Scripting	CVE-2022-1164	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 6, 2021
Noo JobMonster <= 4.6.6 - Sensitive Information Disclosure via Directory Listing	CVE-2022-1166	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 11, 2020
WP JobSearch < 1.5.1 - Reflected Cross-Site Scripting	CVE-2022-1168	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	June 3, 2020
Careerfy < 3.9.0 - Cross-Site Scripting	CVE-2022-1169	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 3, 2020
Noo JobMonster < 4.5.2.9 - Reflected Cross-Site Scripting	CVE-2022-1170	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 24, 2019

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation