🦸 🧭 Calling all superheroes and explorers! Introducing the WordPress Superhero Challenge and WordPress XSSplorer Challenge for the Wordfence Bug Bounty Program: Earn up to $31,200 for High Impact Vulnerabilities AND XSS vulnerabilities are in scope for all researchers in plugins/themes >= 1,000 Active Installs!

Through October 7th, 2024 all Cross-Site Scripting (XSS) vulnerabilities in plugins/themes with >= 1,000 Active Installs will be in scope for all researchers regardless of researcher tier. In addition, through October 14th, 2024, all vulnerabilities reported in plugins or themes with >= 5,000,000 active installs will be 3x our highest bounty rewards making our top reward $31,200.

Check out the updated bounties here!

Wordfence Intelligence > Vulnerability Researchers > Karolis Narvilas

Karolis Narvilas

300

All Time Ranking

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

7 Vulnerabilities

Chatbot with ChatGPT <= 2.4.4 - Unauthenticated SQL Injection

10.0

CVE-2024-6847

Jul 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Track The Click <= 0.3.11 - Authenticated (Author+) SQL Injection via 'stats' REST Endpoint

8.8

CVE-2023-5041

Sep 26, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Chatbot with ChatGPT <= 2.4.4 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-6843

Jul 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Engine <= 2.5.0 - Authenticated (Admin+) Remote Code Execution

7.2

CVE-2024-6451

Jul 29, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Easy Newsletter Signups <= 1.0.4 - Authenticated (Admin+) SQL Injection

7.2

CVE-2023-5108

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

History Log by click5 <= 1.0.12 - Authenticated(Administrator+) Time-Based Blind SQL Injection

6.6

CVE-2023-5082

Oct 15, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Newsletter Lite <= 4.9.2 - Authenticated (Admin+) Command Injection

6.6

CVE-2023-4797

Oct 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Chatbot with ChatGPT <= 2.4.4 - Unauthenticated SQL Injection	CVE-2024-6847	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	July 29, 2024
Track The Click <= 0.3.11 - Authenticated (Author+) SQL Injection via 'stats' REST Endpoint	CVE-2023-5041	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 26, 2023
Chatbot with ChatGPT <= 2.4.4 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-6843	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 29, 2024
AI Engine <= 2.5.0 - Authenticated (Admin+) Remote Code Execution	CVE-2024-6451	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 29, 2024
Easy Newsletter Signups <= 1.0.4 - Authenticated (Admin+) SQL Injection	CVE-2023-5108	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 13, 2023
History Log by click5 <= 1.0.12 - Authenticated(Administrator+) Time-Based Blind SQL Injection	CVE-2023-5082	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	October 15, 2023
Newsletter Lite <= 4.9.2 - Authenticated (Admin+) Command Injection	CVE-2023-4797	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	October 5, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation