Wordfence Intelligence   >   Vulnerability Researchers   >   Dimas Maulana

Dimas Maulana

37
All Time Ranking
139
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 21-40 of 139 Vulnerabilities

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.4 - Unauthenticated Arbitrary Shortcode Execution
7.3
CVE-2024-50450
Oct 24, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
All push notification for WP <= 1.5.3 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2025-25092
Feb 3, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Sticky Anything <= 2.1.5 - Missing Authorization
7.2
CVE-2024-33646
Apr 25, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2024-32541
Apr 15, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
SimpleMap Store Locator <= 2.6.1 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2024-22282
Jan 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
User Feedback <= 1.0.9 - Unauthenticated Cross-Site Scripting
7.2
CVE-2023-46153
Oct 17, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Better Anchor Links <= 1.7.5 - Cross-Site Request Forgery via admin/options.php
6.5
CVE-2024-22287
Jan 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Sliding Widgets <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
CVE-2024-33938
Apr 29, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Bulk NoIndex & NoFollow Toolkit <= 2.16 - Reflected Cross-Site Scripting
6.1
CVE-2025-31537
Apr 1, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Web Accessibility By accessiBe <= 2.5 - Reflected Cross-Site Scripting
6.1
CVE-2025-26981
Feb 23, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Frontend Admin by DynamiApps <= 3.25.17 - Reflected Cross-Site Scripting
6.1
CVE-2025-26987
Feb 23, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Atarim <= 4.1.0 - Reflected Cross-Site Scripting
6.1
CVE-2025-26993
Feb 23, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Adsmonetizer <= 3.2.4 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Feb 21, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4 author cheer up donate <= 1.3 - Reflected Cross-Site Scripting
6.1
CVE-2025-23670
Feb 16, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Image Rotator <= 2.0 - Reflected Cross-Site Scripting
6.1
CVE-2025-25089
Feb 3, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Appointment Buddy Widget <= 1.2 - Reflected Cross-Site Scripting
6.1
CVE-2025-25099
Feb 3, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Admin Options Pages <= 0.9.7 - Reflected Cross-Site Scripting
6.1
CVE-2025-23905
Jan 16, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Food Store – Online Food Delivery & Pickup <= 1.5.2 - Reflected Cross-Site Scripting
6.1
CVE-2025-22314
Jan 6, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Wp advertising management <= 1.0.3 - Reflected Cross-Site Scripting
6.1
CVE-2025-22358
Jan 3, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress <= 9.11.0 - Reflected Cross-Site Scripting
6.1
CVE-2025-24617
Dec 30, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.4 - Unauthenticated Arbitrary Shortcode Execution CVE-2024-50450 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L October 24, 2024
All push notification for WP <= 1.5.3 - Unauthenticated Stored Cross-Site Scripting CVE-2025-25092 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N February 3, 2025
Sticky Anything <= 2.1.5 - Missing Authorization CVE-2024-33646 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 25, 2024
WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting CVE-2024-32541 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 15, 2024
SimpleMap Store Locator <= 2.6.1 - Unauthenticated Stored Cross-Site Scripting CVE-2024-22282 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N January 16, 2024
User Feedback <= 1.0.9 - Unauthenticated Cross-Site Scripting CVE-2023-46153 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N October 17, 2023
Better Anchor Links <= 1.7.5 - Cross-Site Request Forgery via admin/options.php CVE-2024-22287 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N January 16, 2024
Sliding Widgets <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2024-33938 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 29, 2024
Bulk NoIndex & NoFollow Toolkit <= 2.16 - Reflected Cross-Site Scripting CVE-2025-31537 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 1, 2025
Web Accessibility By accessiBe <= 2.5 - Reflected Cross-Site Scripting CVE-2025-26981 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N February 23, 2025
Frontend Admin by DynamiApps <= 3.25.17 - Reflected Cross-Site Scripting CVE-2025-26987 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N February 23, 2025
Atarim <= 4.1.0 - Reflected Cross-Site Scripting CVE-2025-26993 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N February 23, 2025
Adsmonetizer <= 3.2.4 - Reflected Cross-Site Scripting 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N February 21, 2025
4 author cheer up donate <= 1.3 - Reflected Cross-Site Scripting CVE-2025-23670 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N February 16, 2025
Image Rotator <= 2.0 - Reflected Cross-Site Scripting CVE-2025-25089 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N February 3, 2025
Appointment Buddy Widget <= 1.2 - Reflected Cross-Site Scripting CVE-2025-25099 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N February 3, 2025
Admin Options Pages <= 0.9.7 - Reflected Cross-Site Scripting CVE-2025-23905 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 16, 2025
Food Store – Online Food Delivery & Pickup <= 1.5.2 - Reflected Cross-Site Scripting CVE-2025-22314 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 6, 2025
Wp advertising management <= 1.0.3 - Reflected Cross-Site Scripting CVE-2025-22358 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 3, 2025
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress <= 9.11.0 - Reflected Cross-Site Scripting CVE-2025-24617 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 30, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.