211
All Time Ranking
12
All Time Discoveries
1
90 Day Published Submissions
14 Oct '24
Last Published Submission
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Resourceful Researcher
Resourceful Researcher
July 31, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
April 4, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
January 22, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
January 3, 2024

12 Vulnerabilities

Title CVE ID CVSS Vector Date
weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer CVE-2024-0386 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N March 12, 2024
WPForms Pro 1.8.4 - 1.8.5.3 - Unauthenticated Stored Cross-Site Scripting via Form Submission CVE-2023-7063 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N January 19, 2024
ARForms <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url CVE-2023-6828 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N January 3, 2024
LearnPress <= 4.2.6.3 - Insecure Direct Object Reference CVE-2024-1289 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N April 4, 2024
Formidable Forms <= 6.7 - HTML Injection CVE-2023-6830 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N January 8, 2024
Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A CVE-2024-1128 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L February 20, 2024
WooCommerce <= 9.0.2 - Unauthenticated HTML Injection CVE-2024-9944 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N October 14, 2024
Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-6957 4.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N March 5, 2024
PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting CVE-2023-6953 4.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N January 22, 2024
LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting CVE-2024-1463 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 4, 2024
Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-6842 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N January 8, 2024
Tutor LMS <= 2.6.0 - Missing Authorization CVE-2024-1133 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N February 20, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation