🦸 🧭 Calling all superheroes and explorers! Introducing the WordPress Superhero Challenge and WordPress XSSplorer Challenge for the Wordfence Bug Bounty Program: Earn up to $31,200 for High Impact Vulnerabilities AND XSS vulnerabilities are in scope for all researchers in plugins/themes >= 1,000 Active Installs!

Through October 7th, 2024 all Cross-Site Scripting (XSS) vulnerabilities in plugins/themes with >= 1,000 Active Installs will be in scope for all researchers regardless of researcher tier. In addition, through October 14th, 2024, all vulnerabilities reported in plugins or themes with >= 5,000,000 active installs will be 3x our highest bounty rewards making our top reward $31,200.

Check out the updated bounties here!

Wordfence Intelligence > Vulnerability Researchers > Dhabaleshwar Das

Dhabaleshwar Das

All Time Ranking

205

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Showing 161-180 of 205 Vulnerabilities

Blocksy <= 2.0.22 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31382

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Calendarista Basic Edition <= 3.0.2 - Cross-Site Request Forgery

4.3

CVE-2024-31942

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31386

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Currency per Product for WooCommerce <= 1.6.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31920

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Dashboard To-Do List <= 1.3.1 - Cross-Site Request Forgery via ardtdw_widgetupdate()

4.3

CVE-2024-31376

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3

CVE-2024-30546

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Newsletter <= 8.0.6 - Cross-Site Request Forgery

4.3

CVE-2024-31434

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

NewsXpress <= 1.0.7 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31938

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3

CVE-2024-31383

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Product Input Fields for WooCommerce <= 1.7.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31431

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Sarada Lite <= 1.1.2 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31429

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Spa and Salon <= 1.2.7 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31384

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The Conference <= 1.2.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31428

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The Events Calendar <= 6.3.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31433

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Ultimate Product Catalogue <= 5.2.15 - Cross-Site Request Forgery via reset_settings()

4.3

CVE-2024-31921

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Import any XML or CSV File to WordPress <= 3.7.3 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31939

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WordPress Hosting Benchmark tool <= 1.3.6 - Cross-Site Request Forgery via execute_plugin()

4.3

CVE-2024-31922

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EWWW Image Optimizer <= 7.2.3 - Cross-Site Request Forgery

4.3

CVE-2024-31924

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP2LEADS <= 3.2.7 - Missing Authorization

4.3

CVE-2024-31375

Apr 8, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery

4.3

CVE-2024-31364

Apr 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Blocksy <= 2.0.22 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31382	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Calendarista Basic Edition <= 3.0.2 - Cross-Site Request Forgery	CVE-2024-31942	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31386	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Currency per Product for WooCommerce <= 1.6.0 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31920	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Dashboard To-Do List <= 1.3.1 - Cross-Site Request Forgery via ardtdw_widgetupdate()	CVE-2024-31376	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Login With Ajax <= 4.1 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-30546	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Newsletter <= 8.0.6 - Cross-Site Request Forgery	CVE-2024-31434	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
NewsXpress <= 1.0.7 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31938	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
PopularFX <= 1.2.4 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31383	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Product Input Fields for WooCommerce <= 1.7.0 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31431	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Sarada Lite <= 1.1.2 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31429	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Spa and Salon <= 1.2.7 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31384	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
The Conference <= 1.2.0 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31428	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
The Events Calendar <= 6.3.0 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31433	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Ultimate Product Catalogue <= 5.2.15 - Cross-Site Request Forgery via reset_settings()	CVE-2024-31921	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Import any XML or CSV File to WordPress <= 3.7.3 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31939	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
WordPress Hosting Benchmark tool <= 1.3.6 - Cross-Site Request Forgery via execute_plugin()	CVE-2024-31922	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
EWWW Image Optimizer <= 7.2.3 - Cross-Site Request Forgery	CVE-2024-31924	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
WP2LEADS <= 3.2.7 - Missing Authorization	CVE-2024-31375	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 8, 2024
ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery	CVE-2024-31364	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 8, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation