Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > Dimas Maulana

Dimas Maulana

All Time Ranking

138

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Showing 1-20 of 138 Vulnerabilities

Accounting for WooCommerce <= 1.6.8 - Unauthenticated Local File Inclusion

9.8

CVE-2025-30835

Mar 27, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Hide My WP Ghost <= 5.4.01 - Unauthenticated Local File Inclusion

9.8

CVE-2025-26909

Mar 19, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

GetShop ecommerce <= 1.3 - Unauthenticated Local File Inclusion

9.8

CVE-2024-54362

Mar 17, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Funnel Builder by FunnelKit <= 3.9.0 - Unauthenticated Local File Inclusion

9.8

CVE-2025-26979

Feb 23, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WC Place Order Without Payment <= 2.6.7 - Unauthenticated Local File Inclusion

9.8

CVE-2025-26933

Feb 23, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Delete Comments By Status <= 2.1.1 - Unauthenticated Local File Inclusion

9.8

CVE-2025-25130

Feb 2, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Fami Sales Popup <= 2.0.0 - Unauthenticated Local File Inclusion

9.8

CVE-2025-25141

Feb 2, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Morkva UA Shipping <= 1.0.18 - Unauthenticated Local File Inclusion

9.8

CVE-2025-24685

Jan 27, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

FAT Event Lite <= 1.1 - Unauthenticated Local File Inclusion

9.8

CVE-2025-22508

Jan 7, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ads Booster by Ads Pro <= 1.12 - Unauthenticated Local File Inclusion

9.8

CVE-2024-52428

Nov 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sitepact's Contact Form 7 Extension For Klaviyo <= 1.0.5 - Unauthenticated SQL Injection

9.8

CVE-2024-25928

Feb 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

postMash – custom post order <= 1.2.0 - Unauthenticated SQL Injection

9.8

CVE-2024-25927

Feb 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Disable Comments | WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection

9.1

CVE-2024-32135

Apr 12, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Xserver Migrator <= 1.6.2 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVE-2024-33913

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Fontific | Google Fonts <= 0.1.6 - Cross-Site Request Forgery via ajax_fontific_save_all

8.2

CVE-2024-27194

Feb 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage

8.2

CVE-2024-27195

Feb 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Custom Dashboard Widgets <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via cdw_DashboardWidgets

8.2

CVE-2024-22290

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Calculator Builder – Create an Online Calculator <= 1.6.2 - Unauthenticated Local File Inclusion

8.1

CVE-2025-26760

Feb 14, 2025

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Build App Online <= 1.0.23 - Unauthenticated Local File Inclusion

8.1

CVE-2024-49649

Jan 6, 2025

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Rezgo Online Booking <= 4.16.1 - Unauthenticated Local File Inclusion

8.1

CVE-2024-53800

Jan 6, 2025

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Accounting for WooCommerce <= 1.6.8 - Unauthenticated Local File Inclusion	CVE-2025-30835	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 27, 2025
Hide My WP Ghost <= 5.4.01 - Unauthenticated Local File Inclusion	CVE-2025-26909	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 19, 2025
GetShop ecommerce <= 1.3 - Unauthenticated Local File Inclusion	CVE-2024-54362	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 17, 2025
Funnel Builder by FunnelKit <= 3.9.0 - Unauthenticated Local File Inclusion	CVE-2025-26979	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 23, 2025
WC Place Order Without Payment <= 2.6.7 - Unauthenticated Local File Inclusion	CVE-2025-26933	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 23, 2025
Delete Comments By Status <= 2.1.1 - Unauthenticated Local File Inclusion	CVE-2025-25130	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 2, 2025
Fami Sales Popup <= 2.0.0 - Unauthenticated Local File Inclusion	CVE-2025-25141	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 2, 2025
Morkva UA Shipping <= 1.0.18 - Unauthenticated Local File Inclusion	CVE-2025-24685	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 27, 2025
FAT Event Lite <= 1.1 - Unauthenticated Local File Inclusion	CVE-2025-22508	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 7, 2025
Ads Booster by Ads Pro <= 1.12 - Unauthenticated Local File Inclusion	CVE-2024-52428	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 15, 2024
Sitepact's Contact Form 7 Extension For Klaviyo <= 1.0.5 - Unauthenticated SQL Injection	CVE-2024-25928	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 15, 2024
postMash – custom post order <= 1.2.0 - Unauthenticated SQL Injection	CVE-2024-25927	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 15, 2024
Disable Comments \| WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection	CVE-2024-32135	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	April 12, 2024
Xserver Migrator <= 1.6.2 - Cross-Site Request Forgery to Arbitrary File Upload	CVE-2024-33913	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	April 29, 2024
Fontific \| Google Fonts <= 0.1.6 - Cross-Site Request Forgery via ajax_fontific_save_all	CVE-2024-27194	8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N	February 26, 2024
Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage	CVE-2024-27195	8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N	February 26, 2024
Custom Dashboard Widgets <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via cdw_DashboardWidgets	CVE-2024-22290	8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N	January 16, 2024
Calculator Builder – Create an Online Calculator <= 1.6.2 - Unauthenticated Local File Inclusion	CVE-2025-26760	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	February 14, 2025
Build App Online <= 1.0.23 - Unauthenticated Local File Inclusion	CVE-2024-49649	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	January 6, 2025
Rezgo Online Booking <= 4.16.1 - Unauthenticated Local File Inclusion	CVE-2024-53800	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	January 6, 2025

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Dimas Maulana

Showing 1-20 of 138 Vulnerabilities

Share this researcher's vulnerability discoveries

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting