🦸 Calling all superheroes! Introducing the WordPress Superhero Challenge for the Wordfence Bug Bounty Program: Earn up to $31,200 for High Impact Vulnerabilities! Through October 14th, 2024, all vulnerabilities reported in plugins or themes with >= 5,000,000 active installs will be 3x our highest bounty rewards making our top reward $31,200. Check out the updated bounties here!

Wordfence Intelligence > Vulnerability Researchers > Dhabaleshwar Das

Dhabaleshwar Das

All Time Ranking

205

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Showing 1-20 of 205 Vulnerabilities

Analytify <= 5.3.1 - Cross-Site Request Forgery to Opt-out

4.3

CVE-2024-43265

Aug 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.14 - Missing Authorization

4.3

CVE-2024-43273

Aug 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Icegram <= 3.1.24 - Missing Authorization

5.3

CVE-2024-43272

Aug 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Smart Online Order for Clover <= 1.5.6 - Missing Authorization

5.3

CVE-2024-43253

Aug 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Smart Online Order for Clover <= 1.5.6 - Missing Authorization

4.3

CVE-2024-43254

Aug 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Advanced Cron Manager – debug & control <= 2.5.9 - Missing Authorization

4.3

CVE-2024-43154

Aug 7, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Arconix Shortcodes <= 2.1.11 - Missing Authorization

5.3

CVE-2024-38769

Jul 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Arconix FAQ <= 1.9.4 - Missing Authorization

5.3

CVE-2024-38783

Jul 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

i-transform <= 3.0.9 - Cross-Site Request Forgery

4.3

CVE-2024-38764

Jul 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Matomo Analytics <= 5.1.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-38766

Jul 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Oceanic <= 1.0.52 - Cross-Site Request Forgery

4.3

CVE-2024-38765

Jul 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3

CVE-2024-38763

Jul 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Product Delivery Date for WooCommerce – Lite <= 2.7.2 - Missing Authorization

5.3

CVE-2024-38702

Jul 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EleForms <= 2.9.9.9 - Missing Authorization

5.3

CVE-2024-38748

Jul 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Patricia Blog <= 1.2 - Cross-Site Request Forgery

4.3

CVE-2024-38732

Jul 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

i-amaze <= 1.3.7 - Cross-Site Request Forgery

4.3

CVE-2024-38731

Jul 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Packlink PRO shipping module <= 3.4.6 - Missing Authorization

4.3

CVE-2024-38740

Jul 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Internal Link Juicer: SEO Auto Linker for WordPress <= 2.24.3 - Cross-Site Request Forgery

4.3

CVE-2024-37941

Jul 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Point <= 1.1 - Cross-Site Request Forgery

4.3

CVE-2024-37931

Jul 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Patricia Lite <= 1.2.3 - Cross-Site Request Forgery

4.3

CVE-2024-37939

Jul 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Analytify <= 5.3.1 - Cross-Site Request Forgery to Opt-out	CVE-2024-43265	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	August 12, 2024
Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.14 - Missing Authorization	CVE-2024-43273	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	August 12, 2024
Icegram <= 3.1.24 - Missing Authorization	CVE-2024-43272	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	August 12, 2024
Smart Online Order for Clover <= 1.5.6 - Missing Authorization	CVE-2024-43253	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	August 12, 2024
Smart Online Order for Clover <= 1.5.6 - Missing Authorization	CVE-2024-43254	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	August 12, 2024
Advanced Cron Manager – debug & control <= 2.5.9 - Missing Authorization	CVE-2024-43154	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	August 7, 2024
Arconix Shortcodes <= 2.1.11 - Missing Authorization	CVE-2024-38769	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 19, 2024
Arconix FAQ <= 1.9.4 - Missing Authorization	CVE-2024-38783	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 19, 2024
i-transform <= 3.0.9 - Cross-Site Request Forgery	CVE-2024-38764	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 12, 2024
Matomo Analytics <= 5.1.0 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-38766	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 12, 2024
Oceanic <= 1.0.52 - Cross-Site Request Forgery	CVE-2024-38765	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 12, 2024
Popularis Verse <= 1.0.1 - Cross-Site Request Forgery	CVE-2024-38763	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 12, 2024
Product Delivery Date for WooCommerce – Lite <= 2.7.2 - Missing Authorization	CVE-2024-38702	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 11, 2024
EleForms <= 2.9.9.9 - Missing Authorization	CVE-2024-38748	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 11, 2024
Patricia Blog <= 1.2 - Cross-Site Request Forgery	CVE-2024-38732	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 11, 2024
i-amaze <= 1.3.7 - Cross-Site Request Forgery	CVE-2024-38731	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 11, 2024
Packlink PRO shipping module <= 3.4.6 - Missing Authorization	CVE-2024-38740	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	July 11, 2024
Internal Link Juicer: SEO Auto Linker for WordPress <= 2.24.3 - Cross-Site Request Forgery	CVE-2024-37941	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 9, 2024
Point <= 1.1 - Cross-Site Request Forgery	CVE-2024-37931	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 9, 2024
Patricia Lite <= 1.2.3 - Cross-Site Request Forgery	CVE-2024-37939	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 9, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation