Wordfence Intelligence   >   Vulnerability Researchers   >   Rafie Muhammad

Rafie Muhammad

Organization: Patchstack

2
All Time Ranking
559
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 181-200 of 559 Vulnerabilities

Rehub <= 19.6.1 - Authenticated (Editor+) Local File Inclusion
7.2
CVE-2024-31232
Apr 3, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
LiteSpeed Cache <= 5.7 - Unauthenticated Stored Cross-Site Scripting via 'nameservers' and '_msg'
7.2
CVE-2023-40000
Feb 27, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WooCommerce PDF Invoices <= 4.2.1 - Authenticated(Shop Manager+) Arbitrary Options Update via JSON Import
7.2
CVE-2023-51546
Dec 27, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload
7.2
CVE-2023-49814
Dec 5, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Mollie Payments for WooCommerce <= 7.3.11 - Authenticated (Shop Manager+) Arbitrary File Upload
7.2
CVE-2023-6090
Nov 27, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload
7.2
CVE-2023-47842
Nov 20, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload
7.2
CVE-2023-47784
Nov 14, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Master Slider Pro <= 3.6.5 - Authenticated (Editor+) SQL Injection
7.2
CVE-2023-47506
Nov 7, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Nexter Extension <= 2.0.3 - Authenticated(Editor+) Remote Code Execution via metabox
7.2
CVE-2023-45751
Oct 12, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Seriously Simple Stats <= 1.5.0 - Authenticated (Podcast manager+) SQL Injection via order_by
7.2
CVE-2023-45001
Oct 3, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Give - Donation Plugin <= 2.33.0 - Authenticated(Give Manager+) Privilege Escalation
7.2
CVE-2023-41665
Aug 31, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WooCommerce Product Vendors <= 2.1.76 - Authenticated (Vendor admin+) SQL Injection
7.2
CVE-2023-33331
May 24, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WooCommerce Follow-Up Emails <= 4.9.50 - Authenticated (Follow-up emails manager+) SQL Injection
7.2
CVE-2023-33330
May 24, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WooCommerce Pre-Orders <= 1.9.0 - Unauthenticated Cross-Site Scripting
7.2
CVE-2023-32802
May 15, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WooCommerce Product Add-ons <= 6.1.3 - Authenticated (Shop Manager+) PHP Object Injection
7.2
CVE-2023-32795
May 15, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2022-45373
May 11, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Dokan <= 3.7.12 - Authenticated (Vendor+) SQL Injection
7.2
CVE-2023-26525
Mar 2, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ProfilePress <= 4.5.4 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2023-23830
Feb 21, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Redirection for Contact Form 7 <= 2.7.0 - Authenticated(Editor+) Privilege Escalation
7.2
CVE-2023-23990
Feb 6, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Directorist <= 7.2.2 - Authenticated (Admin+) Arbitrary File Upload
7.2
CVE-2022-2046
Jul 18, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
Rehub <= 19.6.1 - Authenticated (Editor+) Local File Inclusion CVE-2024-31232 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H April 3, 2024
LiteSpeed Cache <= 5.7 - Unauthenticated Stored Cross-Site Scripting via 'nameservers' and '_msg' CVE-2023-40000 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N February 27, 2024
WooCommerce PDF Invoices <= 4.2.1 - Authenticated(Shop Manager+) Arbitrary Options Update via JSON Import CVE-2023-51546 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H December 27, 2023
Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload CVE-2023-49814 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H December 5, 2023
Mollie Payments for WooCommerce <= 7.3.11 - Authenticated (Shop Manager+) Arbitrary File Upload CVE-2023-6090 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 27, 2023
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload CVE-2023-47842 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 20, 2023
Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload CVE-2023-47784 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 14, 2023
Master Slider Pro <= 3.6.5 - Authenticated (Editor+) SQL Injection CVE-2023-47506 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 7, 2023
Nexter Extension <= 2.0.3 - Authenticated(Editor+) Remote Code Execution via metabox CVE-2023-45751 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H October 12, 2023
Seriously Simple Stats <= 1.5.0 - Authenticated (Podcast manager+) SQL Injection via order_by CVE-2023-45001 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H October 3, 2023
Give - Donation Plugin <= 2.33.0 - Authenticated(Give Manager+) Privilege Escalation CVE-2023-41665 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H August 31, 2023
WooCommerce Product Vendors <= 2.1.76 - Authenticated (Vendor admin+) SQL Injection CVE-2023-33331 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 24, 2023
WooCommerce Follow-Up Emails <= 4.9.50 - Authenticated (Follow-up emails manager+) SQL Injection CVE-2023-33330 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 24, 2023
WooCommerce Pre-Orders <= 1.9.0 - Unauthenticated Cross-Site Scripting CVE-2023-32802 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N May 15, 2023
WooCommerce Product Add-ons <= 6.1.3 - Authenticated (Shop Manager+) PHP Object Injection CVE-2023-32795 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 15, 2023
Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection CVE-2022-45373 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 11, 2023
Dokan <= 3.7.12 - Authenticated (Vendor+) SQL Injection CVE-2023-26525 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H March 2, 2023
ProfilePress <= 4.5.4 - Unauthenticated Stored Cross-Site Scripting CVE-2023-23830 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N February 21, 2023
Redirection for Contact Form 7 <= 2.7.0 - Authenticated(Editor+) Privilege Escalation CVE-2023-23990 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H February 6, 2023
Directorist <= 7.2.2 - Authenticated (Admin+) Arbitrary File Upload CVE-2022-2046 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H July 18, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation