Wordfence Intelligence   >   Vulnerability Researchers   >   Marco Wotschka

Marco Wotschka

Organization: Wordfence

15
All Time Ranking
239
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

1 Achievement

Learn more about Achievements
Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 13, 2023
Learn more Learn more about Achievements

Showing 21-40 of 239 Vulnerabilities

Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Cross-Site Request Forgery to Settings update
8.8
CVE-2022-2942
Nov 14, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery
8.8
CVE-2022-3898
Nov 8, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
VR Calendar <= 2.3.3 - Cross-Site Request Forgery
8.8
CVE-2022-3852
Nov 3, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Corner Ad <= 1.0.56 - Cross-Site Request Forgery
8.8
CVE-2022-3427
Sep 9, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update
8.8
CVE-2022-2432
Jul 11, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
8.7
CVE-2023-5504
Nov 22, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products
8.1
CVE-2023-4402
Sep 13, 2023
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries
8.1
CVE-2023-4386
Sep 13, 2023
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Quick Restaurant Menu <= 2.0.2 - Missing Authorization
8.1
CVE-2023-0555
Jan 27, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery
8.1
CVE-2023-0554
Jan 27, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference
8.1
CVE-2023-0550
Jan 27, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Advanced Local Pickup for WooCommerce <= 1.5.5 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2023-2841
Oct 21, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id
7.2
CVE-2023-2188
Jun 22, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2023-2607
May 16, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Active Directory Integration / LDAP Integration <= 4.1.4 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2023-2484
May 12, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Limit Login Attempts <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2023-1912
Apr 6, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Mega Addons For WPBakery Page Builder <= 4.2.7 - Authenticated (Subscriber+) Settings Update
7.1
CVE-2022-4501
Dec 14, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
6.8
CVE-2023-5505
Aug 16, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure
6.5
CVE-2024-8106
Sep 3, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure
6.5
CVE-2023-5070
Oct 16, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Title CVE ID CVSS Vector Date
Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Cross-Site Request Forgery to Settings update CVE-2022-2942 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H November 14, 2022
WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery CVE-2022-3898 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H November 8, 2022
VR Calendar <= 2.3.3 - Cross-Site Request Forgery CVE-2022-3852 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H November 3, 2022
Corner Ad <= 1.0.56 - Cross-Site Request Forgery CVE-2022-3427 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H September 9, 2022
Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update CVE-2022-2432 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H July 11, 2022
BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal CVE-2023-5504 8.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H November 22, 2023
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products CVE-2023-4402 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H September 13, 2023
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries CVE-2023-4386 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H September 13, 2023
Quick Restaurant Menu <= 2.0.2 - Missing Authorization CVE-2023-0555 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H January 27, 2023
Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery CVE-2023-0554 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H January 27, 2023
Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference CVE-2023-0550 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H January 27, 2023
Advanced Local Pickup for WooCommerce <= 1.5.5 - Authenticated (Administrator+) SQL Injection CVE-2023-2841 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H October 21, 2023
Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id CVE-2023-2188 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H June 22, 2023
Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection CVE-2023-2607 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 16, 2023
Active Directory Integration / LDAP Integration <= 4.1.4 - Authenticated (Administrator+) SQL Injection CVE-2023-2484 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 12, 2023
Limit Login Attempts <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting CVE-2023-1912 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 6, 2023
Mega Addons For WPBakery Page Builder <= 4.2.7 - Authenticated (Subscriber+) Settings Update CVE-2022-4501 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L December 14, 2022
BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal CVE-2023-5505 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H August 16, 2024
The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure CVE-2024-8106 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N September 3, 2024
Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure CVE-2023-5070 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N October 16, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation