Wordfence Intelligence   >   Vulnerability Researchers   >   Dhabaleshwar Das

Dhabaleshwar Das

22
All Time Ranking
235
All Time Discoveries
8
90 Day Published Submissions
24 Mar '25
Last Published Submission

About

I fell in love with security when I realized I could hack stuff and call it a career. Now, I spend my days battling bugs, breaking apps, and convincing developers I’m actually helping. Let's keep the internet safe—or at least entertained!

2 Achievements

Learn more about Achievements
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
February 17, 2025
Submitted 1 Vulnerability
Submitted 1 Vulnerability
January 8, 2025
Learn more Learn more about Achievements

Showing 1-20 of 235 Vulnerabilities

5 Stars Rating Funnel <= 1.2.67 - Missing Authorization
6.5
CVE-2024-32725
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Advanced Local Pickup for WooCommerce <= 1.6.1 - Missing Authorization to Notice Dismissal
6.5
CVE-2024-32814
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Active Products Tables for WooCommerce <= 1.0.6.2 - Missing Authorization
6.5
CVE-2024-32691
Apr 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Advanced Sermons <= 3.1 - Reflected Cross-Site Scripting via s
6.1
CVE-2024-29928
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WPZOOM Shortcodes <= 1.0.1 - Reflected Cross-Site Scripting
6.1
CVE-2024-22162
Jan 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Finale Lite <= 2.18.0 - Cross-Site Request Forgery
5.8
CVE-2024-32107
Apr 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
ShortPixel Adaptive Images <= 3.8.3 - Authenticated (Admin+) Server-Side Request Forgery
5.5
CVE-2024-35172
May 10, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.6.4 - Missing Authorization via Several AJAX Action
5.4
CVE-2024-34826
May 9, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
USPS Shipping for WooCommerce – Live Rates <= 1.9.2 - Cross-Site Request Forgery
5.4
CVE-2024-31943
Apr 10, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Basic Log Viewer <= 1.0.4 - Cross-Site Request Forgery via wpst_lw_viewer
5.4
CVE-2024-24935
Feb 9, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Astra Security Suite <= 0.2 - Missing Authorization
5.3
CVE-2025-31774
Apr 1, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI for SEO <= 1.2.9 - Missing Authorization
5.3
CVE-2025-22299
Jan 6, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
WP Wand <= 1.2.5 - Missing Authorization
5.3
CVE-2025-22302
Jan 6, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
WP Mailster <= 1.8.17.0 - Unauthenticated Sensitive Information Exposure
5.3
CVE-2025-22303
Jan 6, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Smart Online Order for Clover <= 1.5.6 - Missing Authorization
5.3
CVE-2024-43253
Aug 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Icegram <= 3.1.24 - Missing Authorization
5.3
CVE-2024-43272
Aug 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Arconix FAQ <= 1.9.4 - Missing Authorization
5.3
CVE-2024-38783
Jul 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Arconix Shortcodes <= 2.1.11 - Missing Authorization
5.3
CVE-2024-38769
Jul 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EleForms <= 2.9.9.9 - Missing Authorization
5.3
CVE-2024-38748
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Product Delivery Date for WooCommerce – Lite <= 2.7.2 - Missing Authorization
5.3
CVE-2024-38702
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Title CVE ID CVSS Vector Date
5 Stars Rating Funnel <= 1.2.67 - Missing Authorization CVE-2024-32725 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N April 22, 2024
Advanced Local Pickup for WooCommerce <= 1.6.1 - Missing Authorization to Notice Dismissal CVE-2024-32814 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L April 22, 2024
Active Products Tables for WooCommerce <= 1.0.6.2 - Missing Authorization CVE-2024-32691 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N April 19, 2024
Advanced Sermons <= 3.1 - Reflected Cross-Site Scripting via s CVE-2024-29928 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
WPZOOM Shortcodes <= 1.0.1 - Reflected Cross-Site Scripting CVE-2024-22162 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 16, 2024
Finale Lite <= 2.18.0 - Cross-Site Request Forgery CVE-2024-32107 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N April 11, 2024
ShortPixel Adaptive Images <= 3.8.3 - Authenticated (Admin+) Server-Side Request Forgery CVE-2024-35172 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N May 10, 2024
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.6.4 - Missing Authorization via Several AJAX Action CVE-2024-34826 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N May 9, 2024
USPS Shipping for WooCommerce – Live Rates <= 1.9.2 - Cross-Site Request Forgery CVE-2024-31943 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N April 10, 2024
Basic Log Viewer <= 1.0.4 - Cross-Site Request Forgery via wpst_lw_viewer CVE-2024-24935 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L February 9, 2024
Astra Security Suite <= 0.2 - Missing Authorization CVE-2025-31774 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 1, 2025
AI for SEO <= 1.2.9 - Missing Authorization CVE-2025-22299 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N January 6, 2025
WP Wand <= 1.2.5 - Missing Authorization CVE-2025-22302 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N January 6, 2025
WP Mailster <= 1.8.17.0 - Unauthenticated Sensitive Information Exposure CVE-2025-22303 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N January 6, 2025
Smart Online Order for Clover <= 1.5.6 - Missing Authorization CVE-2024-43253 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 12, 2024
Icegram <= 3.1.24 - Missing Authorization CVE-2024-43272 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N August 12, 2024
Arconix FAQ <= 1.9.4 - Missing Authorization CVE-2024-38783 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N July 19, 2024
Arconix Shortcodes <= 2.1.11 - Missing Authorization CVE-2024-38769 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N July 19, 2024
EleForms <= 2.9.9.9 - Missing Authorization CVE-2024-38748 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N July 11, 2024
Product Delivery Date for WooCommerce – Lite <= 2.7.2 - Missing Authorization CVE-2024-38702 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N July 11, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.