Wordfence Intelligence   >   Vulnerability Researchers   >   Marco Wotschka

Marco Wotschka

Organization: Wordfence

15
All Time Ranking
239
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

1 Achievement

Learn more about Achievements
Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 13, 2023
Learn more Learn more about Achievements

Showing 121-140 of 239 Vulnerabilities

Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state
5.4
CVE-2023-0711
Feb 7, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder
5.4
CVE-2023-0715
Feb 7, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state
5.4
CVE-2023-0722
Feb 7, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder
5.4
CVE-2023-0726
Feb 7, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders
5.4
CVE-2023-0685
Feb 6, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders
5.4
CVE-2023-0684
Feb 6, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Social Warfare <= 4.3.0 - Missing Authorization
5.4
CVE-2023-0402
Jan 5, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Social Warfare <= 4.3.1 - Cross-Site Request Forgery
5.4
CVE-2023-0403
Jan 5, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Events Made Easy <= 2.3.16 - Missing Authorization
5.4
CVE-2023-0404
Dec 23, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication
5.4
CVE-2022-2223
May 24, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication
5.4
CVE-2022-2224
May 24, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure
5.3
CVE-2023-4723
Nov 15, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions
5.3
CVE-2023-5533
Oct 11, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user
5.3
CVE-2023-5254
Oct 11, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe
5.3
CVE-2023-4668
Sep 22, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax
5.3
CVE-2023-4645
Sep 22, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass
5.3
CVE-2023-2159
Apr 18, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure
5.3
CVE-2023-1263
Mar 7, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CHP Ads Block Detector <= 3.9.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
4.9
CVE-2023-2354
Jun 15, 2023
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal
4.9
CVE-2023-2688
May 23, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Title CVE ID CVSS Vector Date
Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state CVE-2023-0711 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L February 7, 2023
Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder CVE-2023-0715 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state CVE-2023-0722 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder CVE-2023-0726 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N February 7, 2023
Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders CVE-2023-0685 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N February 6, 2023
Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders CVE-2023-0684 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L February 6, 2023
Social Warfare <= 4.3.0 - Missing Authorization CVE-2023-0402 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L January 5, 2023
Social Warfare <= 4.3.1 - Cross-Site Request Forgery CVE-2023-0403 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L January 5, 2023
Events Made Easy <= 2.3.16 - Missing Authorization CVE-2023-0404 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N December 23, 2022
Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication CVE-2022-2223 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N May 24, 2022
Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication CVE-2022-2224 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N May 24, 2022
Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure CVE-2023-4723 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N November 15, 2023
AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions CVE-2023-5533 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N October 11, 2023
AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user CVE-2023-5254 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N October 11, 2023
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe CVE-2023-4668 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N September 22, 2023
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax CVE-2023-4645 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N September 22, 2023
CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass CVE-2023-2159 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 18, 2023
CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure CVE-2023-1263 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 7, 2023
CHP Ads Block Detector <= 3.9.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2023-2354 4.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N June 15, 2023
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal CVE-2023-2688 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N May 23, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation