5
All Time Ranking
416
All Time Discoveries
5
90 Day Published Submissions
11 Dec '24
Last Published Submission
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
December 11, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
September 24, 2024

Showing 161-180 of 416 Vulnerabilities

Title CVE ID CVSS Vector Date
Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery CVE-2023-49769 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N December 5, 2023
Smart External Link Click Monitor [Link Log] <= 5.0.2 - Reflected Cross-Site Scripting CVE-2023-49771 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 5, 2023
Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-49770 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N December 5, 2023
Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection CVE-2023-49764 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H December 4, 2023
AppMySite <= 3.11.0 - Unauthenticated Information Disclsoure CVE-2023-49762 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N December 4, 2023
Importify <= 1.0.4 - Unauthenticated Sensitive Information Exposure CVE-2023-49194 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N December 1, 2023
Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip CVE-2023-49741 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N December 1, 2023
MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection CVE-2023-49166 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 29, 2023
Abandoned Cart Lite for WooCommerce <= 5.16.1 - Missing Authorization via multiple AJAX functions CVE-2023-41671 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N November 28, 2023
WordPress Brute Force Protection – Stop Brute Force Attacks <= 2.2.5 - Authenticated (Administrator+) SQL Injection via orderby CVE-2023-48764 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H November 28, 2023
Restricted Site Access <= 7.4.1 - IP Spoofing to Protection Mechanism Bypass CVE-2023-48753 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N November 27, 2023
Antispam Bee <= 2.11.3 - IP Address Spoofing via get_client_ip CVE-2023-41134 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N November 27, 2023
ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection CVE-2023-48741 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 23, 2023
License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection CVE-2023-48742 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 23, 2023
Maspik – Spam blacklist <= 0.9.2 - Unauthenticated Stored Cross-Site Scripting via efas_add_to_log CVE-2023-48272 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N November 21, 2023
Maspik – Spam blacklist <= 0.10.3 - Bypass CVE-2023-48271 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N November 21, 2023
SearchIQ <= 4.4 - Missing Authorization via getSIQPluginSettings CVE-2023-47832 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N November 16, 2023
WP Maintenance <= 6.1.3 - IP Restriction Bypass CVE-2023-47769 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N November 14, 2023
CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Cross-Site Request Forgery CVE-2023-47765 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N November 14, 2023
EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log CVE-2023-40600 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N November 14, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation