Wordfence Intelligence   >   Vulnerability Researchers   >   Krzysztof Zając

Krzysztof Zając

Organization: CERT PL

4
All Time Ranking
423
All Time Discoveries
14
90 Day Published Submissions
24 Oct '24
Last Published Submission

About

Finding WordPress vulnerabilities using https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html

9 Achievements

Learn more about Achievements
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 100 Vulnerabilities
Submitted 100 Vulnerabilities
April 22, 2024
Submitted 75 Vulnerabilities
Submitted 75 Vulnerabilities
April 4, 2024
Submitted 50 Vulnerabilities
Submitted 50 Vulnerabilities
March 19, 2024
Submitted 25 Vulnerabilities
Submitted 25 Vulnerabilities
February 27, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
February 9, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
January 23, 2024
1337 Vulnerability Researcher
1337 Vulnerability Researcher
January 2, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
January 2, 2024
Learn more Learn more about Achievements

Showing 21-40 of 423 Vulnerabilities

Popup Builder <= 4.1.0 - SQL Injection
9.8
CVE-2022-0479
Mar 7, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WPCargo <= 6.8.9 - Unauthenticated Remote Code Execution
9.8
CVE-2021-25003
Feb 21, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Photo Gallery by 10Web <= 1.5.87 - Unauthenticated SQL Injection via bwg_tag_id_bwg_thumbnails_0 Parameter
9.8
CVE-2022-0169
Feb 15, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NotificationX <= 2.3.8 - Blind SQL Injection
9.8
CVE-2022-0349
Feb 2, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Page Views Count Plugin <= 2.4.14 - Unauthenticated SQL Injection
9.8
CVE-2022-0434
Feb 1, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
TI WooCommerce Wishlist / TI WooCommerce Wishlist Pro < 1.40.1 - Unauthenticated SQL Injection
9.8
CVE-2022-0412
Jan 31, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection
9.8
CVE-2021-25114
Jan 7, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PublishPress Capabilities <= 2.3 - Unauthenticated Arbitrary Options Update
9.8
CVE-2021-25032
Dec 8, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Modern Events Calendar Lite <= 6.1.4 - Unauthenticated Blind SQL Injection via time Parameter
9.8
CVE-2021-24946
Nov 15, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Registrations for the Events Calendar <= 2.7.5 - Unauthenticated SQL Injection
9.8
CVE-2021-24943
Nov 8, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secure Copy Content Protection and Content Locking <= 2.8.1 - Unauthenticated SQL Injection
9.8
CVE-2021-24931
Nov 8, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WP Compress – Image Optimizer [All-In-One] <= 6.10.33 - Unauthenticated Directory Traversal via css
9.1
CVE-2023-6699
Jan 3, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
WordPress Plugin for Google Maps – WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-2386
Jun 28, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode
8.8
CVE-2024-5431
Jun 24, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Media Library Assistant <= 3.16 - Authenticated (Contributor+) SQL Injection via order Parameter
8.8
CVE-2024-5605
Jun 19, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
8.8
CVE-2024-3564
May 31, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution
8.8
CVE-2024-3750
May 15, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2024-2831
Apr 29, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode
8.8
CVE-2024-3293
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-3211
Apr 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
Popup Builder <= 4.1.0 - SQL Injection CVE-2022-0479 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 7, 2022
WPCargo <= 6.8.9 - Unauthenticated Remote Code Execution CVE-2021-25003 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 21, 2022
Photo Gallery by 10Web <= 1.5.87 - Unauthenticated SQL Injection via bwg_tag_id_bwg_thumbnails_0 Parameter CVE-2022-0169 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 15, 2022
NotificationX <= 2.3.8 - Blind SQL Injection CVE-2022-0349 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 2, 2022
Page Views Count Plugin <= 2.4.14 - Unauthenticated SQL Injection CVE-2022-0434 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 1, 2022
TI WooCommerce Wishlist / TI WooCommerce Wishlist Pro < 1.40.1 - Unauthenticated SQL Injection CVE-2022-0412 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 31, 2022
Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection CVE-2021-25114 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 7, 2022
PublishPress Capabilities <= 2.3 - Unauthenticated Arbitrary Options Update CVE-2021-25032 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 8, 2021
Modern Events Calendar Lite <= 6.1.4 - Unauthenticated Blind SQL Injection via time Parameter CVE-2021-24946 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 15, 2021
Registrations for the Events Calendar <= 2.7.5 - Unauthenticated SQL Injection CVE-2021-24943 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 8, 2021
Secure Copy Content Protection and Content Locking <= 2.8.1 - Unauthenticated SQL Injection CVE-2021-24931 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 8, 2021
WP Compress – Image Optimizer [All-In-One] <= 6.10.33 - Unauthenticated Directory Traversal via css CVE-2023-6699 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N January 3, 2024
WordPress Plugin for Google Maps – WP MAPS <= 4.6.1 - Authenticated (Contributor+) SQL Injection CVE-2024-2386 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 28, 2024
WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode CVE-2024-5431 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 24, 2024
Media Library Assistant <= 3.16 - Authenticated (Contributor+) SQL Injection via order Parameter CVE-2024-5605 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 19, 2024
Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode CVE-2024-3564 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H May 31, 2024
Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution CVE-2024-3750 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H May 15, 2024
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-2831 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 29, 2024
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode CVE-2024-3293 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 22, 2024
Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection CVE-2024-3211 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 11, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation