Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > Dimas Maulana

Dimas Maulana

All Time Ranking

139

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Showing 121-139 of 139 Vulnerabilities

WP SMS <= 6.5.2 - Reflected Cross-Site Scripting via 'page'

6.1

CVE-2024-24881

Feb 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CalculatorPro Calculators <= 1.1.7 - Reflected Cross-Site Scripting via CP_preview_calc

6.1

CVE-2024-24847

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP-Lister Lite for eBay <= 3.5.7 - Reflected Cross-Site Scripting via 's'

6.1

CVE-2024-22307

Jan 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

BA Plus <= 1.0.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-22286

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Image Tag Manager <= 1.5 - Reflected Cross-Site Scripting via default_class

6.1

CVE-2024-22160

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Post views Stats <= 1.3 - Reflected Cross-Site Scripting via from and to

6.1

CVE-2024-22289

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Smart Editor <= 1.3.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-22148

Jan 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CPT Bootstrap Carousel <= 1.12 - Reflected Cross-Site Scripting

6.1

CVE-2023-52196

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Grab & Save <= 1.0.4 - Reflected Cross-Site Scripting

6.1

CVE-2023-47844

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tainacan <= 0.20.4 - Reflected Cross-Site Scripting

6.1

CVE-2023-47848

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

DirectoryPress <= 3.6.19 - Cross-Site Request Forgery to Cross-Site Scripting

4.3

CVE-2024-49633

Jan 6, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Flash Video Player <= 5.0.4 - Cross-Site Request Forgery

4.3

CVE-2024-32537

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3

CVE-2024-32549

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Convert Post Types <= 1.4 - Cross-Site Request Forgery

4.3

CVE-2024-32108

Apr 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery

4.3

CVE-2024-31086

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

DX-Watermark <= 1.0.4 - Cross-Site Request Forgery

4.3

CVE-2024-30560

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Broken Images <= 0.2 - Cross-Site Request Forgery

4.3

CVE-2024-31093

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Frontpage Manager <= 1.3 - Cross-Site Request Forgery via admin_page

4.3

CVE-2024-22285

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Grab & Save <= 1.0.4 - Cross-Site Request Forgery

4.3

CVE-2023-47845

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP SMS <= 6.5.2 - Reflected Cross-Site Scripting via 'page'	CVE-2024-24881	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 5, 2024
CalculatorPro Calculators <= 1.1.7 - Reflected Cross-Site Scripting via CP_preview_calc	CVE-2024-24847	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 2, 2024
WP-Lister Lite for eBay <= 3.5.7 - Reflected Cross-Site Scripting via 's'	CVE-2024-22307	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 19, 2024
BA Plus <= 1.0.3 - Reflected Cross-Site Scripting	CVE-2024-22286	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 16, 2024
Image Tag Manager <= 1.5 - Reflected Cross-Site Scripting via default_class	CVE-2024-22160	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 16, 2024
Post views Stats <= 1.3 - Reflected Cross-Site Scripting via from and to	CVE-2024-22289	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 16, 2024
WP Smart Editor <= 1.3.3 - Reflected Cross-Site Scripting	CVE-2024-22148	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 15, 2024
CPT Bootstrap Carousel <= 1.12 - Reflected Cross-Site Scripting	CVE-2023-52196	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 3, 2024
Grab & Save <= 1.0.4 - Reflected Cross-Site Scripting	CVE-2023-47844	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 20, 2023
Tainacan <= 0.20.4 - Reflected Cross-Site Scripting	CVE-2023-47848	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 20, 2023
DirectoryPress <= 3.6.19 - Cross-Site Request Forgery to Cross-Site Scripting	CVE-2024-49633	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 6, 2025
Flash Video Player <= 5.0.4 - Cross-Site Request Forgery	CVE-2024-32537	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 15, 2024
Related Posts for WordPress <= 4.0.3 - Cross-Site Request Forgery	CVE-2024-32549	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 15, 2024
Convert Post Types <= 1.4 - Cross-Site Request Forgery	CVE-2024-32108	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 11, 2024
Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery	CVE-2024-31086	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 29, 2024
DX-Watermark <= 1.0.4 - Cross-Site Request Forgery	CVE-2024-30560	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 29, 2024
Broken Images <= 0.2 - Cross-Site Request Forgery	CVE-2024-31093	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 29, 2024
Frontpage Manager <= 1.3 - Cross-Site Request Forgery via admin_page	CVE-2024-22285	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 16, 2024
Grab & Save <= 1.0.4 - Cross-Site Request Forgery	CVE-2023-47845	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 20, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Dimas Maulana

Showing 121-139 of 139 Vulnerabilities

Share this researcher's vulnerability discoveries

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting