Wordfence Intelligence   >   Vulnerability Researchers   >   Joshua Chan

Joshua Chan

29
All Time Ranking
168
All Time Discoveries
0
90 Day Published Submissions
6 Jan '25
Last Published Submission

About

Penetration Tester, Security Researcher

2 Achievements

Learn more about Achievements
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
January 6, 2025
Submitted 1 Vulnerability
Submitted 1 Vulnerability
October 9, 2024
Learn more Learn more about Achievements

Showing 21-40 of 168 Vulnerabilities

SV Forms <= 2.0.05 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-51877
Nov 8, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Amazing Hover Effects <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-38741
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Meks Smart Author Widget <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-37958
Jul 10, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Power BI Embedded for WordPress <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-37959
Jul 10, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Testimonials Widget <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-37553
Jul 6, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
TweetScroll Widget <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-33948
Apr 30, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Blocksy <= 2.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-32961
Apr 23, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Accessibility Widget <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-32831
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-32556
Apr 16, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Media Alt Renamer 0.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via _wp_attachment_image_alt postmeta
6.4
CVE-2024-1434
Feb 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP PT-Viewer <= 2.0.2 - Reflected Cross-Site Scripting
6.1
CVE-2025-23438
Jan 16, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Wp-Scribd-List <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2025-23436
Jan 16, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Admin SMS Alert<=1.1.0 - Cross-Site Request Forgery to Stored Cross Site Scripting
6.1
CVE-2024-51637
Nov 1, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
GMO Social Connection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-51636
Nov 1, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Wsify Widget <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-48048
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Video Conferencing with Zoom <= 4.4.4 - Open Redirect
6.1
CVE-2024-33584
Apr 25, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
BizPrint <= 4.5.4 - Cross-Site Request Forgery to Cross-Site Scripting via process.php
6.1
CVE-2024-29773
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Evergreen Content Poster <= 1.4.1 - Reflected Cross-Site Scripting
6.1
CVE-2024-29099
Mar 15, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Simple Membership <= 4.4.1 - Open Redirect
6.1
CVE-2024-22308
Jan 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Locatoraid Store Locator <= 3.9.30 - Authenticated (Administrator+) Stored Cross-Site Scripting
5.5
CVE-2024-30181
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
SV Forms <= 2.0.05 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-51877 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N November 8, 2024
Amazing Hover Effects <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-38741 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 11, 2024
Meks Smart Author Widget <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-37958 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 10, 2024
Power BI Embedded for WordPress <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-37959 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 10, 2024
Testimonials Widget <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-37553 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 6, 2024
TweetScroll Widget <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-33948 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 30, 2024
Blocksy <= 2.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-32961 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 23, 2024
Accessibility Widget <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-32831 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 22, 2024
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-32556 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 16, 2024
Media Alt Renamer 0.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via _wp_attachment_image_alt postmeta CVE-2024-1434 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 26, 2024
WP PT-Viewer <= 2.0.2 - Reflected Cross-Site Scripting CVE-2025-23438 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 16, 2025
Wp-Scribd-List <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2025-23436 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 16, 2025
Admin SMS Alert<=1.1.0 - Cross-Site Request Forgery to Stored Cross Site Scripting CVE-2024-51637 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N November 1, 2024
GMO Social Connection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-51636 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N November 1, 2024
Wsify Widget <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-48048 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N October 14, 2024
Video Conferencing with Zoom <= 4.4.4 - Open Redirect CVE-2024-33584 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 25, 2024
BizPrint <= 4.5.4 - Cross-Site Request Forgery to Cross-Site Scripting via process.php CVE-2024-29773 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Evergreen Content Poster <= 1.4.1 - Reflected Cross-Site Scripting CVE-2024-29099 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 15, 2024
Simple Membership <= 4.4.1 - Open Redirect CVE-2024-22308 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 19, 2024
Locatoraid Store Locator <= 3.9.30 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-30181 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N March 25, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.