Muhammad Zeeshan (Xib3rR4dAr)

85
All Time Ranking
40
All Time Discoveries
0
90 Day Published Submissions
26 Mar '24
Last Published Submission
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
March 20, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
February 28, 2024

Showing 21-40 of 40 Vulnerabilities

Title CVE ID CVSS Vector Date
Chained Quiz <= 1.3.2.2 - Reflected Cross-Site Scripting via dn CVE-2022-4213 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via date CVE-2022-4215 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via pointsf CVE-2022-4209 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via ipf CVE-2022-4212 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via datef CVE-2022-4208 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via ip CVE-2022-4214 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via emailf CVE-2022-4211 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 2, 2022
Embed Swagger <= 1.0.0 - Reflected Cross-Site Scripting CVE-2022-0381 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 26, 2022
Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key CVE-2022-4217 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N December 2, 2022
Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID CVE-2022-4216 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N December 2, 2022
Google Tag Manager for WordPress (GTM4WP) <= 1.15.1 - Stored Cross-Site Scripting via Content Element ID CVE-2022-1961 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N May 31, 2022
Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification CVE-2024-2538 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L March 18, 2024
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion CVE-2022-4220 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L December 2, 2022
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Arbitrary Quiz Deletion and Copying CVE-2022-4218 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L December 2, 2022
Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion CVE-2022-4219 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L December 2, 2022
Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization CVE-2024-2962 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N March 26, 2024
Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing CVE-2024-2340 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 20, 2024
WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read CVE-2022-2943 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N August 22, 2022
WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Directory Traversal CVE-2022-2945 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N August 22, 2022
Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor CVE-2024-2543 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N March 20, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation