Muhammad Zeeshan (Xib3rR4dAr)

88
All Time Ranking
40
All Time Discoveries
0
90 Day Published Submissions
26 Mar '24
Last Published Submission
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
December 12, 2024
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
March 20, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
February 28, 2024

Showing 1-20 of 40 Vulnerabilities

Title CVE ID CVSS Vector Date
Responsive <= 5.0.2 - Missing Authorization to HTML Injection CVE-2024-2848 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N March 28, 2024
Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization CVE-2024-2962 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N March 26, 2024
Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing CVE-2024-2340 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 20, 2024
Avada <= 7.11.6 - Authenticated (Admin+) SQL Injection via entry CVE-2024-2344 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H March 20, 2024
Avada <= 7.11.6 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action CVE-2024-2343 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 20, 2024
Avada <= 7.11.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-2311 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 20, 2024
Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting CVE-2024-2738 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 20, 2024
Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor CVE-2024-2543 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N March 20, 2024
Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification CVE-2024-2538 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L March 18, 2024
Avada <= 7.11.5 - Authenticated(Contributor+) Sensitive Information Exposure via Form Entries CVE-2024-1668 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N March 1, 2024
Avada | Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload CVE-2024-1468 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 28, 2024
Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via date CVE-2022-4215 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2.2 - Reflected Cross-Site Scripting via dn CVE-2022-4213 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion CVE-2022-4219 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via dnf CVE-2022-4210 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID CVE-2022-4216 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via pointsf CVE-2022-4209 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via ipf CVE-2022-4212 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key CVE-2022-4217 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion CVE-2022-4220 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L December 2, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation