Wordfence Intelligence   >   Vulnerability Researchers   >   Muhammad Daffa

Muhammad Daffa

28
All Time Ranking
143
All Time Discoveries
0
90 Day Published Submissions
23 May '24
Last Published Submission

About

:)

3 Achievements

Learn more about Achievements
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
March 12, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
February 2, 2024
Learn more Learn more about Achievements

Showing 101-120 of 143 Vulnerabilities

Migration, Backup, Staging – WPvivid <= 0.9.70 - Authenticated Arbitrary File Read
4.9
CVE-2022-27844
Apr 7, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Quick Call Button <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
4.4
CVE-2023-47829
Nov 16, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Cookie Bar <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-49836
Oct 24, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2022-47137
Apr 19, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Table Builder – WordPress Table Plugin <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2022-46852
Feb 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 - Authenticated (Admin+) Cross Site Scripting (XSS)
4.4
CVE-2022-47170
Jan 27, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
GetPaid <= 2.8.11 - Missing Authorization via column_subscription()
4.3
CVE-2024-43973
Aug 28, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Print Barcode Labels for your WooCommerce products/orders <= 3.4.9 - Missing Authorization
4.3
CVE-2024-43310
Aug 16, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Event Tickets and Registration <= 5.8.1 - Missing Authorization
4.3
CVE-2024-1053
Feb 21, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing Authorization
4.3
CVE-2024-1092
Feb 2, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Table of Contents Plus <= 2302 - Cross-Site Request Forgery
4.3
CVE-2023-44473
Sep 29, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Royal Elementor Addons <= 1.3.75 - Cross-Site Request Forgery
4.3
CVE-2022-47175
Aug 22, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification
4.3
CVE-2023-25989
Jul 26, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Visibility Logic for Elementor <= 2.3.4 - Cross-Site Request Forgery via toggle_option
4.3
CVE-2022-47169
Jul 5, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WooLentor <= 2.6.2 - Cross-Site Request Forgery via process_data
4.3
CVE-2022-47172
Jul 5, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Enhanced Text Widget <= 1.5.8 - Missing Authorization
4.3
CVE-2023-23823
Jun 30, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Custom Twitter Feeds (Tweets Widget) <= 1.8.4 - Cross-Site Request Forgery
4.3
CVE-2022-33974
May 25, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Product Gallery Slider for WooCommerce <= 2.2.8 - Cross-Site Request Forgery
4.3
CVE-2022-45372
May 25, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Performance Lab <= 2.2.0 - Cross-Site Request Forgery via dismiss-wp-pointer
4.3
CVE-2022-47174
May 18, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Ninja Tables <= 4.3.4 - Cross-Site Request Forgery
4.3
CVE-2022-47136
Apr 20, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Title CVE ID CVSS Vector Date
Migration, Backup, Staging – WPvivid <= 0.9.70 - Authenticated Arbitrary File Read CVE-2022-27844 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N April 7, 2022
Quick Call Button <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-47829 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N November 16, 2023
Cookie Bar <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting CVE-2023-49836 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N October 24, 2023
Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2022-47137 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023
WP Table Builder – WordPress Table Plugin <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-46852 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N February 20, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 - Authenticated (Admin+) Cross Site Scripting (XSS) CVE-2022-47170 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N January 27, 2023
GetPaid <= 2.8.11 - Missing Authorization via column_subscription() CVE-2024-43973 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N August 28, 2024
Print Barcode Labels for your WooCommerce products/orders <= 3.4.9 - Missing Authorization CVE-2024-43310 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N August 16, 2024
Event Tickets and Registration <= 5.8.1 - Missing Authorization CVE-2024-1053 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N February 21, 2024
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing Authorization CVE-2024-1092 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N February 2, 2024
Table of Contents Plus <= 2302 - Cross-Site Request Forgery CVE-2023-44473 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N September 29, 2023
Royal Elementor Addons <= 1.3.75 - Cross-Site Request Forgery CVE-2022-47175 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N August 22, 2023
Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification CVE-2023-25989 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N July 26, 2023
Visibility Logic for Elementor <= 2.3.4 - Cross-Site Request Forgery via toggle_option CVE-2022-47169 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N July 5, 2023
WooLentor <= 2.6.2 - Cross-Site Request Forgery via process_data CVE-2022-47172 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N July 5, 2023
Enhanced Text Widget <= 1.5.8 - Missing Authorization CVE-2023-23823 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N June 30, 2023
Custom Twitter Feeds (Tweets Widget) <= 1.8.4 - Cross-Site Request Forgery CVE-2022-33974 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 25, 2023
Product Gallery Slider for WooCommerce <= 2.2.8 - Cross-Site Request Forgery CVE-2022-45372 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 25, 2023
Performance Lab <= 2.2.0 - Cross-Site Request Forgery via dismiss-wp-pointer CVE-2022-47174 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 18, 2023
Ninja Tables <= 4.3.4 - Cross-Site Request Forgery CVE-2022-47136 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 20, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation