Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > incognito

incognito

191

All Time Ranking

All Time Discoveries

90 Day Published Submissions

27 Feb '25

Last Published Submission

About

I am Pentester and Bug Hunting

3 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

16 Vulnerabilities

NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission

4.3

CVE-2024-10860

Feb 27, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update

4.3

CVE-2024-10581

Feb 14, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation

5.3

CVE-2024-13554

Feb 11, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion

4.3

CVE-2024-13652

Jan 30, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update

4.3

CVE-2024-12826

Jan 24, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets

4.3

CVE-2024-10326

Jan 14, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2024-11929

Jan 8, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization

4.3

CVE-2024-11852

Dec 21, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

WP Log Viewer <= 1.2.1 - Missing Authorization

5.4

CVE-2024-11085

Nov 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation

4.3

CVE-2024-10614

Nov 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Template Import

4.3

CVE-2024-10582

Nov 14, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export

4.3

CVE-2024-10852

Nov 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion

4.3

CVE-2024-10853

Nov 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import

4.3

CVE-2024-10854

Nov 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion

5.3

CVE-2024-10535

Nov 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.12 - Missing Authorization

4.3

CVE-2024-9583

Oct 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission	CVE-2024-10860	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	February 27, 2025
DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update	CVE-2024-10581	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 14, 2025
The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation	CVE-2024-13554	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 11, 2025
ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion	CVE-2024-13652	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 30, 2025
GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update	CVE-2024-12826	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 24, 2025
RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets	CVE-2024-10326	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 14, 2025
Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2024-11929	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 8, 2025
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization	CVE-2024-11852	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	December 21, 2024
WP Log Viewer <= 1.2.1 - Missing Authorization	CVE-2024-11085	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	November 15, 2024
Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation	CVE-2024-10614	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 15, 2024
Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Template Import	CVE-2024-10582	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 14, 2024
Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export	CVE-2024-10852	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	November 12, 2024
Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion	CVE-2024-10853	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 12, 2024
Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import	CVE-2024-10854	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 12, 2024
Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion	CVE-2024-10535	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 5, 2024
RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.12 - Missing Authorization	CVE-2024-9583	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	October 22, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

incognito

About

3 Achievements

16 Vulnerabilities

Share this researcher's vulnerability discoveries

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting