Majed Refaea

40
All Time Ranking
101
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 1-20 of 101 Vulnerabilities

Title CVE ID CVSS Vector Date
Zita Elementor Site Library <= 1.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-37420 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H June 28, 2024
Ali2Woo Lite <= 3.4.4 - Cross-Site Request Forgery to PHP Object Injection CVE-2024-37212 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H June 20, 2024
OSS Aliyun <= 1.4.10 - Authenticated (Administrator+) SQL Injection CVE-2024-30494 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H March 28, 2024
InstaWP Connect <= 0.1.0.8 - Authenticated (Subscriber+) Remote Code Execution CVE-2024-25918 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 14, 2024
InstaWP Connect <= 0.1.0.9 - Authenticated (Subscriber+) SQL Injection CVE-2024-23507 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 24, 2024
InstaWP Connect <= 0.1.0.8 - Missing Authorization to Arbitrary Options Update CVE-2024-22145 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 17, 2024
Debug Log Manager <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting CVE-2024-32582 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 16, 2024
RapidLoad Power-Up for Autoptimize <= 2.2.11 - Unauthenticated Server-Side Request Forgery CVE-2024-31288 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 5, 2024
Builderall Builder for WordPress <= 2.0.1 - Unauthenticated Server-Side Request Forgery CVE-2024-30532 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N March 29, 2024
Brave Popup Builder <= 0.6.5 - Unauthenticated Server-Side Request Forgery CVE-2024-30453 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N March 28, 2024
Multiple Page Generator Plugin – MPG <= 3.4.0 - Authenticated (Editor+) Remote Code Execution CVE-2024-27951 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H March 13, 2024
Ovic Importer <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Download CVE-2024-35754 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N June 6, 2024
Advanced Local Pickup for WooCommerce <= 1.6.2 - Missing Authorization CVE-2024-31283 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N April 5, 2024
BeePress <= 6.9.8 - Cross-Site Request Forgery via beepress-pro.php CVE-2024-27197 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N February 26, 2024
Photo Engine <= 6.3.1 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2024-39660 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 1, 2024
WappPress <= 6.0.4 - Authenticated (Subscriber+) Server-Side Request Forgery CVE-2024-38758 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 11, 2024
Zoho Campaigns <= 2.0.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2024-38752 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 11, 2024
Magical Addons For Elementor <= 1.1.41 - Authenticated (Subscriber+) Server-Side Request Forgery CVE-2024-38730 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 11, 2024
WP GoToWebinar <= 15.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2024-38671 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 10, 2024
Ali2Woo Lite <= 3.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2024-37214 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 20, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation