Wordfence Intelligence   >   Vulnerability Researchers   >   Noah Stead (TurtleBurg)

Noah Stead (TurtleBurg)

224
All Time Ranking
14
All Time Discoveries
3
90 Day Published Submissions
7 Mar '25
Last Published Submission

4 Achievements

Learn more about Achievements
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
January 7, 2025
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
December 6, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
October 16, 2024
Submitted XSS Vulnerability
Submitted XSS Vulnerability
October 16, 2024
Learn more Learn more about Achievements

14 Vulnerabilities

VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload
8.8
CVE-2024-11640
Mar 7, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery to Custom CSS Update
4.3
CVE-2024-13883
Feb 20, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload
8.8
CVE-2024-11641
Jan 25, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion
4.3
CVE-2024-12206
Jan 8, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WP Database Backup – Unlimited Database & Files Backup by Backup for WP <= 7.3 - Unauthenticated Database Back-Up Exposure
7.5
CVE-2024-12330
Jan 8, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
CVE-2024-12112
Jan 7, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API
6.5
CVE-2024-10548
Dec 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation
4.3
CVE-2024-12201
Dec 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Essential Real Estate <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information Exposure
4.3
CVE-2024-12329
Dec 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication
4.3
CVE-2024-12115
Dec 6, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update
4.3
CVE-2024-10606
Nov 22, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion
5.3
CVE-2024-10520
Nov 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting
6.1
CVE-2024-8717
Oct 23, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Wordpress Photo Album Plus <= 8.8.05.003 - Reflected Cross-Site Scripting
6.1
CVE-2024-9951
Oct 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-11640 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H March 7, 2025
WPUpper Share Buttons <= 3.51 - Cross-Site Request Forgery to Custom CSS Update CVE-2024-13883 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 20, 2025
VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload CVE-2024-11641 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H January 25, 2025
Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion CVE-2024-12206 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 8, 2025
WP Database Backup – Unlimited Database & Files Backup by Backup for WP <= 7.3 - Unauthenticated Database Back-Up Exposure CVE-2024-12330 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N January 8, 2025
Easy Form Builder <= 3.8.8 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2024-12112 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 7, 2025
WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API CVE-2024-10548 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N December 18, 2024
Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation CVE-2024-12201 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N December 11, 2024
Essential Real Estate <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information Exposure CVE-2024-12329 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N December 11, 2024
Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication CVE-2024-12115 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N December 6, 2024
WP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update CVE-2024-10606 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N November 22, 2024
WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion CVE-2024-10520 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N November 19, 2024
PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting CVE-2024-8717 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N October 23, 2024
Wordpress Photo Album Plus <= 8.8.05.003 - Reflected Cross-Site Scripting CVE-2024-9951 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N October 16, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.