Wordfence Intelligence   >   Vulnerability Researchers   >   lucky_buddy

lucky_buddy

358
All Time Ranking
7
All Time Discoveries
7
90 Day Published Submissions
24 Mar '25
Last Published Submission

2 Achievements

Learn more about Achievements
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
March 21, 2025
Submitted 1 Vulnerability
Submitted 1 Vulnerability
January 22, 2025
Learn more Learn more about Achievements

7 Vulnerabilities

EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution
8.8
CVE-2025-2319
Mar 24, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update
4.3
CVE-2025-0807
Mar 21, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion
4.3
CVE-2024-13768
Mar 21, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload
8.1
CVE-2024-13359
Mar 7, 2025
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
WP Media Category Management 2.0 - 2.3.3 - Cross-Site Request Forgery to Settings Update
6.5
CVE-2025-0865
Feb 18, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Reset <= 1.6 - Cross-Site Request Forgery to Database Reset
8.1
CVE-2024-13684
Feb 17, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset
4.3
CVE-2024-13511
Jan 22, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Title CVE ID CVSS Vector Date
EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution CVE-2025-2319 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H March 24, 2025
CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update CVE-2025-0807 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N March 21, 2025
CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion CVE-2024-13768 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N March 21, 2025
Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload CVE-2024-13359 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H March 7, 2025
WP Media Category Management 2.0 - 2.3.3 - Cross-Site Request Forgery to Settings Update CVE-2025-0865 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N February 18, 2025
Reset <= 1.6 - Cross-Site Request Forgery to Database Reset CVE-2024-13684 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H February 17, 2025
Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset CVE-2024-13511 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 22, 2025

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.