🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > Dmitrii Ignatyev

Dmitrii Ignatyev

Organization: CleanTalk Inc

All Time Ranking

186

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

About

As a pentester, I possess a diverse range of skills that allow me to effectively assess and secure digital systems. My experience includes conducting audits of information systems, web applications, and network infrastructure and access points. I also have a strong background in moderating and promoting bug bounty platforms, helping to create a more secure online environment.

Showing 161-180 of 186 Vulnerabilities

Profile Box Shortcode And Widget <= 1.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-1401

Feb 27, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Widget for Social Page Feeds <= 6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-0973

Feb 21, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Enhanced Text Widget <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-0559

Feb 20, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Advanced Social Feeds Widget & Shortcode <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-0951

Feb 20, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Ultimate Posts Widget <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-0561

Feb 13, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Shariff Wrapper <= 4.6.9 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-1106

Feb 5, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple Posts Ticker <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-4725

Sep 25, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Logo Slider <= 3.7.0 - Cross-Site Request Forgery

4.3

CVE-2024-9233

Oct 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Page Builder Gutenberg Blocks – CoBlocks <= 3.1.11 - Authenticated (Contributor+) Server-Side Request Forgery

4.3

CVE-2024-4260

Jul 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Testimonial Slider <= 2.3.6 - Missing Authorization to Authenticated (Author+) Settings Update

4.3

CVE-2024-1745

Mar 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Fatal Error Notify <= 1.5.2 - Missing Authorization to Test Error Email Sending

4.3

CVE-2023-7202

Jan 30, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Fatal Error Notify <= 1.5.2 - Cross-Site Request Forgery to Test Error Email Sending

4.3

CVE ID Unknown

Jan 30, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_constants)

4.3

CVE-2023-5710

Dec 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value)

4.3

CVE-2023-5712

Dec 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_db_specs)

4.3

CVE-2023-5714

Dec 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

System Dashboard <= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)

4.3

CVE-2023-5711

Dec 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)

4.3

CVE-2023-5713

Dec 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Debug Log Manager <= 2.2.0 - Cross-Site Request Forgery

4.3

CVE-2023-5772

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Debug Log Manager <= 2.2.1 - Missing Authorization

4.3

CVE-2023-6136

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Lock User Account <= 1.0.3 - Cross-Site Request Forgery to Account Lock/Unlock

4.3

CVE-2023-4307

Aug 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Profile Box Shortcode And Widget <= 1.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-1401	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 27, 2024
Widget for Social Page Feeds <= 6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-0973	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 21, 2024
Enhanced Text Widget <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-0559	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 20, 2024
Advanced Social Feeds Widget & Shortcode <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-0951	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 20, 2024
Ultimate Posts Widget <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-0561	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 13, 2024
Shariff Wrapper <= 4.6.9 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-1106	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 5, 2024
Simple Posts Ticker <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting	CVE-2023-4725	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 25, 2023
Logo Slider <= 3.7.0 - Cross-Site Request Forgery	CVE-2024-9233	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 3, 2024
Page Builder Gutenberg Blocks – CoBlocks <= 3.1.11 - Authenticated (Contributor+) Server-Side Request Forgery	CVE-2024-4260	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	July 2, 2024
Testimonial Slider <= 2.3.6 - Missing Authorization to Authenticated (Author+) Settings Update	CVE-2024-1745	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	March 5, 2024
Fatal Error Notify <= 1.5.2 - Missing Authorization to Test Error Email Sending	CVE-2023-7202	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 30, 2024
Fatal Error Notify <= 1.5.2 - Cross-Site Request Forgery to Test Error Email Sending		4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 30, 2024
System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_constants)	CVE-2023-5710	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	December 6, 2023
System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value)	CVE-2023-5712	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	December 6, 2023
System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_db_specs)	CVE-2023-5714	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	December 6, 2023
System Dashboard <= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)	CVE-2023-5711	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	December 6, 2023
System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)	CVE-2023-5713	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	December 6, 2023
Debug Log Manager <= 2.2.0 - Cross-Site Request Forgery	CVE-2023-5772	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 29, 2023
Debug Log Manager <= 2.2.1 - Missing Authorization	CVE-2023-6136	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	November 23, 2023
Lock User Account <= 1.0.3 - Cross-Site Request Forgery to Account Lock/Unlock	CVE-2023-4307	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	August 21, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation