Wordfence Intelligence   >   Vulnerability Researchers   >   Dhabaleshwar Das

Dhabaleshwar Das

22
All Time Ranking
233
All Time Discoveries
9
90 Day Published Submissions
24 Mar '25
Last Published Submission

About

I fell in love with security when I realized I could hack stuff and call it a career. Now, I spend my days battling bugs, breaking apps, and convincing developers I’m actually helping. Let's keep the internet safe—or at least entertained!

2 Achievements

Learn more about Achievements
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
February 17, 2025
Submitted 1 Vulnerability
Submitted 1 Vulnerability
January 8, 2025
Learn more Learn more about Achievements

Showing 61-80 of 233 Vulnerabilities

Newsmatic <= 1.3.1 - Missing Authorization
5.3
CVE-2024-37468
Jul 1, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Travel Agency <= 1.4.9 - Cross-Site Request Forgery
4.3
CVE-2024-37451
Jun 29, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Schema Lite <= 1.2.2 - Cross-Site Request Forgery
4.3
CVE-2024-37452
Jun 29, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Benevolent <= 1.3.4 - Cross-Site Request Forgery to Notice Dismissal
4.3
CVE-2024-37450
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Blossom Shop <= 1.1.7 - Cross-Site Request Forgery to Notice Dismissal
4.3
CVE-2024-37412
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Coachify <= 1.0.7 - Cross-Site Request Forgery to Notice Dismissal
4.3
CVE-2024-37417
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Elegant Pink <= 1.3.0 - Cross-Site Request Forgery to Notice Dismissal
4.3
CVE-2024-37426
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
JobScout <= 1.1.4 - Cross-Site Request Forgery to Notice Dimissal
4.3
CVE-2024-37421
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Mesmerize <= 1.6.120 - Cross-Site Request Forgery to Cache Clearing
4.3
CVE-2024-37431
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
NewsMash <= 1.0.34 - Cross-Site Request Forgery to Notice Dismissal
4.3
CVE-2024-37441
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Perfect Portfolio <= 1.2.0 - Cross-Site Request Forgery to Notice Dismissal
4.3
CVE-2024-37435
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
OnePress <= 2.3.6 - Cross-Site Request Forgery via save_settings()
4.3
CVE-2024-37448
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Preschool and Kindergarten <= 1.2.1 - Cross-Site Request Forgery to Notice Dismissal
4.3
CVE-2024-37413
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
TrustedLogin Vendor < 1.1.1 - Unauthenticated Information Disclosure
5.3
CVE-2024-37270
Jun 27, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Travel Monster <= 1.1.2 - Cross-Site Request Forgery to Notice Dismissal
4.3
CVE-2024-37272
Jun 27, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WP Mobile Menu <= 2.8.4.3 - Cross-Site Request Forgery
4.3
CVE-2024-37274
Jun 27, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vandana Lite <= 1.1.9 - Cross Site Request Forgery to Notice Dismissal
4.3
CVE-2024-37243
Jun 21, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Book Landing Page <= 1.2.3 - Cross-Site Request Forgery to Notice Dismissal
4.3
CVE-2024-37230
Jun 21, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Falang multilanguage <= 1.3.51 - Cross-Site Request Forgery
4.3
CVE-2024-37240
Jun 21, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vilva <= 1.2.2 - Cross-Site Request Forgery to Notice Dismissal
4.3
CVE-2024-37102
Jun 20, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Title CVE ID CVSS Vector Date
Newsmatic <= 1.3.1 - Missing Authorization CVE-2024-37468 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N July 1, 2024
Travel Agency <= 1.4.9 - Cross-Site Request Forgery CVE-2024-37451 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 29, 2024
Schema Lite <= 1.2.2 - Cross-Site Request Forgery CVE-2024-37452 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 29, 2024
Benevolent <= 1.3.4 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-37450 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 28, 2024
Blossom Shop <= 1.1.7 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-37412 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 28, 2024
Coachify <= 1.0.7 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-37417 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 28, 2024
Elegant Pink <= 1.3.0 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-37426 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 28, 2024
JobScout <= 1.1.4 - Cross-Site Request Forgery to Notice Dimissal CVE-2024-37421 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 28, 2024
Mesmerize <= 1.6.120 - Cross-Site Request Forgery to Cache Clearing CVE-2024-37431 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 28, 2024
NewsMash <= 1.0.34 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-37441 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 28, 2024
Perfect Portfolio <= 1.2.0 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-37435 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 28, 2024
OnePress <= 2.3.6 - Cross-Site Request Forgery via save_settings() CVE-2024-37448 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 28, 2024
Preschool and Kindergarten <= 1.2.1 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-37413 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 28, 2024
TrustedLogin Vendor < 1.1.1 - Unauthenticated Information Disclosure CVE-2024-37270 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N June 27, 2024
Travel Monster <= 1.1.2 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-37272 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 27, 2024
WP Mobile Menu <= 2.8.4.3 - Cross-Site Request Forgery CVE-2024-37274 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 27, 2024
Vandana Lite <= 1.1.9 - Cross Site Request Forgery to Notice Dismissal CVE-2024-37243 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 21, 2024
Book Landing Page <= 1.2.3 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-37230 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 21, 2024
Falang multilanguage <= 1.3.51 - Cross-Site Request Forgery CVE-2024-37240 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 21, 2024
Vilva <= 1.2.2 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-37102 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 20, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.