Fariq Fadillah Gusti Insani (fariqfgi)

137
All Time Ranking
22
All Time Discoveries
0
90 Day Published Submissions
28 Feb '24
Last Published Submission
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
April 11, 2024

Showing 1-20 of 22 Vulnerabilities

Title CVE ID CVSS Vector Date
Posti Shipping <= 3.10.2 - Full Path Disclosure CVE-2024-50512 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N November 28, 2024
Ultimate Classified Listings <= 1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2024-52487 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N November 19, 2024
HD Quiz – Save Results Light <= 0.5 - Missing Authorization CVE-2024-49689 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N October 21, 2024
Blogpoet <= 1.0.2 - Missing Authorization via blogpoet_install_and_activate_plugins() CVE-2024-43998 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 29, 2024
ReviveNews <= 1.0.2 - Missing Authorization via revivenews_install_and_activate_plugins() CVE-2024-43974 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 28, 2024
Fota WP <= 1.4.1 - Missing Authorization via fotawp_install_and_activate_plugins() CVE-2024-43980 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 28, 2024
Blockbooster <= 1.0.10 - Missing Authorization CVE-2024-43979 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 28, 2024
LWS Affiliation <= 2.3.4 - Missing Authorization CVE-2024-43962 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N August 26, 2024
Hello Agency <= 1.0.5 - Missing Authorization to Notice Dismissal CVE-2024-43341 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 16, 2024
JS Help Desk – Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization CVE-2024-31273 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 5, 2024
Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1341 4.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N February 28, 2024
JS Help Desk <= 2.8.1 - Unauthenticated SQL Injection via email and trackingid CVE-2023-50839 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 21, 2023
Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.8.7 - Authenticated (Administrator+) SQL Injection CVE-2023-47530 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 7, 2023
WPSchoolPress <= 2.2.3 - Missing Authorization CVE-2023-37887 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N July 11, 2023
JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference CVE-2023-23679 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L June 20, 2023
Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.2 - Missing Authorization CVE-2023-30479 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N April 13, 2023
JS Job Manager <= 2.0.0 - Missing Authorization CVE-2023-28689 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N March 21, 2023
WP Job Portal <= 2.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2023-28534 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 17, 2023
JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title CVE-2023-25963 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 21, 2023
JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation CVE-2023-23715 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L January 25, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation