🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > Dimas Maulana

Dimas Maulana

All Time Ranking

112

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Showing 41-60 of 112 Vulnerabilities

Slider by 10Web – Responsive Image Slider <= 1.2.54 - Reflected Cross-Site Scripting

6.1

CVE-2024-32578

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Flash Video Player <= 5.0.4 - Cross-Site Request Forgery

4.3

CVE-2024-32537

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3

CVE-2024-32549

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Access Category Password <= 1.5.1 - Reflected Cross-Site Scripting

6.1

CVE-2024-32535

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting

6.1

CVE-2024-32545

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-32547

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

MJ Update History <= 1.0.4 - Reflected Cross-Site Scripting

6.1

CVE-2024-32543

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-32546

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-32541

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EZ Form Calculator <= 2.14.0.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-32133

Apr 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Short URL <= 1.6.8 - Reflected Cross-Site Scripting

6.1

CVE-2024-32138

Apr 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Disable Comments | WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection

9.1

CVE-2024-32135

Apr 12, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Convert Post Types <= 1.4 - Cross-Site Request Forgery

4.3

CVE-2024-32108

Apr 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery

4.3

CVE-2024-31086

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

DX-Watermark <= 1.0.4 - Cross-Site Request Forgery

4.3

CVE-2024-30560

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Broken Images <= 0.2 - Cross-Site Request Forgery

4.3

CVE-2024-31093

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Add Shortcodes Actions And Filters <= 2.10 - Reflected Cross-Site Scripting

6.1

CVE-2024-30558

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AdsPlace'r – Ad Manager, Inserter, AdSense Ads <= 1.1.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-31088

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Appointment Calendar <= 2.9.6 - Reflected Cross-Site Scripting

6.1

CVE-2024-30561

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Comic Easel <= 1.15 - Reflected Cross-Site Scripting

6.1

CVE-2024-31092

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Slider by 10Web – Responsive Image Slider <= 1.2.54 - Reflected Cross-Site Scripting	CVE-2024-32578	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2024
Flash Video Player <= 5.0.4 - Cross-Site Request Forgery	CVE-2024-32537	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 15, 2024
Related Posts for WordPress <= 4.0.3 - Cross-Site Request Forgery	CVE-2024-32549	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 15, 2024
Access Category Password <= 1.5.1 - Reflected Cross-Site Scripting	CVE-2024-32535	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 15, 2024
Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting	CVE-2024-32545	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 15, 2024
Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting	CVE-2024-32547	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 15, 2024
MJ Update History <= 1.0.4 - Reflected Cross-Site Scripting	CVE-2024-32543	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 15, 2024
Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting	CVE-2024-32546	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 15, 2024
WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-32541	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 15, 2024
EZ Form Calculator <= 2.14.0.3 - Reflected Cross-Site Scripting	CVE-2024-32133	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 12, 2024
Short URL <= 1.6.8 - Reflected Cross-Site Scripting	CVE-2024-32138	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 12, 2024
Disable Comments \| WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection	CVE-2024-32135	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	April 12, 2024
Convert Post Types <= 1.4 - Cross-Site Request Forgery	CVE-2024-32108	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 11, 2024
Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery	CVE-2024-31086	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 29, 2024
DX-Watermark <= 1.0.4 - Cross-Site Request Forgery	CVE-2024-30560	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 29, 2024
Broken Images <= 0.2 - Cross-Site Request Forgery	CVE-2024-31093	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 29, 2024
Add Shortcodes Actions And Filters <= 2.10 - Reflected Cross-Site Scripting	CVE-2024-30558	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 29, 2024
AdsPlace'r – Ad Manager, Inserter, AdSense Ads <= 1.1.5 - Reflected Cross-Site Scripting	CVE-2024-31088	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 29, 2024
Appointment Calendar <= 2.9.6 - Reflected Cross-Site Scripting	CVE-2024-30561	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 29, 2024
Comic Easel <= 1.15 - Reflected Cross-Site Scripting	CVE-2024-31092	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 29, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation