Wordfence Intelligence   >   Vulnerability Researchers   >   Fariq Fadillah Gusti Insani (fariqfgi)

Fariq Fadillah Gusti Insani (fariqfgi)

142
All Time Ranking
20
All Time Discoveries
0
90 Day Published Submissions
28 Feb '24
Last Published Submission

2 Achievements

Learn more about Achievements
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
April 11, 2024
Learn more Learn more about Achievements

20 Vulnerabilities

HD Quiz – Save Results Light <= 0.5 - Missing Authorization
4.3
CVE-2024-49689
Oct 21, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Blogpoet <= 1.0.2 - Missing Authorization via blogpoet_install_and_activate_plugins()
5.3
CVE-2024-43998
Aug 29, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
ReviveNews <= 1.0.2 - Missing Authorization via revivenews_install_and_activate_plugins()
5.3
CVE-2024-43974
Aug 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Fota WP <= 1.4.1 - Missing Authorization via fotawp_install_and_activate_plugins()
5.3
CVE-2024-43980
Aug 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Blockbooster <= 1.0.10 - Missing Authorization
5.3
CVE-2024-43979
Aug 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
LWS Affiliation <= 2.3.4 - Missing Authorization
4.3
CVE-2024-43962
Aug 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Hello Agency <= 1.0.5 - Missing Authorization to Notice Dismissal
5.3
CVE-2024-43341
Aug 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
JS Help Desk – Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization
5.3
CVE-2024-31273
Apr 5, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
4.9
CVE-2024-1341
Feb 28, 2024
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
JS Help Desk <= 2.8.1 - Unauthenticated SQL Injection via email and trackingid
9.8
CVE-2023-50839
Dec 21, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.8.7 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2023-47530
Nov 7, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WPSchoolPress <= 2.2.3 - Missing Authorization
5.4
CVE-2023-37887
Jul 11, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference
6.3
CVE-2023-23679
Jun 20, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.2 - Missing Authorization
6.5
CVE-2023-30479
Apr 13, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
JS Job Manager <= 2.0.0 - Missing Authorization
6.5
CVE-2023-28689
Mar 21, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
WP Job Portal <= 2.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
CVE-2023-28534
Mar 17, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title
6.4
CVE-2023-25963
Feb 21, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation
6.5
CVE-2023-23715
Jan 25, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Yoast SEO <= 17.2 - Full Path Disclosure
5.3
CVE-2021-25118
Oct 5, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
15Zine | Magazine Newspaper Blog News WordPress Theme < 3.3.0 - Reflected Cross-Site Scripting
6.1
CVE-2020-36510
Sep 21, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
HD Quiz – Save Results Light <= 0.5 - Missing Authorization CVE-2024-49689 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N October 21, 2024
Blogpoet <= 1.0.2 - Missing Authorization via blogpoet_install_and_activate_plugins() CVE-2024-43998 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 29, 2024
ReviveNews <= 1.0.2 - Missing Authorization via revivenews_install_and_activate_plugins() CVE-2024-43974 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 28, 2024
Fota WP <= 1.4.1 - Missing Authorization via fotawp_install_and_activate_plugins() CVE-2024-43980 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 28, 2024
Blockbooster <= 1.0.10 - Missing Authorization CVE-2024-43979 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 28, 2024
LWS Affiliation <= 2.3.4 - Missing Authorization CVE-2024-43962 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N August 26, 2024
Hello Agency <= 1.0.5 - Missing Authorization to Notice Dismissal CVE-2024-43341 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 16, 2024
JS Help Desk – Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization CVE-2024-31273 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 5, 2024
Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1341 4.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N February 28, 2024
JS Help Desk <= 2.8.1 - Unauthenticated SQL Injection via email and trackingid CVE-2023-50839 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 21, 2023
Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.8.7 - Authenticated (Administrator+) SQL Injection CVE-2023-47530 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 7, 2023
WPSchoolPress <= 2.2.3 - Missing Authorization CVE-2023-37887 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N July 11, 2023
JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference CVE-2023-23679 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L June 20, 2023
Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.2 - Missing Authorization CVE-2023-30479 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N April 13, 2023
JS Job Manager <= 2.0.0 - Missing Authorization CVE-2023-28689 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N March 21, 2023
WP Job Portal <= 2.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2023-28534 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 17, 2023
JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title CVE-2023-25963 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 21, 2023
JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation CVE-2023-23715 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L January 25, 2023
Yoast SEO <= 17.2 - Full Path Disclosure CVE-2021-25118 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N October 5, 2021
15Zine | Magazine Newspaper Blog News WordPress Theme < 3.3.0 - Reflected Cross-Site Scripting CVE-2020-36510 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 21, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation