Rafie Muhammad

Organization: Patchstack

2
All Time Ranking
559
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 201-220 of 559 Vulnerabilities

Title CVE ID CVSS Vector Date
WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) <= 1.3.2 - Unauthenticated PHP Object Injection CVE-2024-30224 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 26, 2024
Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.19 - Authenticated (Contributor+) Server-Side Request Forgery CVE-2024-23500 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 26, 2024
Shortlinks by Pretty Links <= 3.6.2 - Reflected Cross-Site Scripting via post_status CVE-2024-29770 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Calculated Fields Form <= 1.2.54 - Reflected Cross-Site Scripting CVE-2024-29759 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Easy Social Share Buttons <= 9.4 - Reflected Cross-Site Scripting CVE-2024-30196 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Forminator <= 1.29.0 - Reflected Cross-Site Scripting CVE-2024-29777 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
RoyalSlider <= 3.4.2 - Reflected Cross-Site Scripting CVE-2024-30195 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
SEO Plugin by Squirrly SEO <= 12.3.16 - Reflected Cross-Site Scripting CVE-2024-29790 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.93 - Reflected Cross-Site Scripting CVE-2024-29792 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Booster for WooCommerce <= 7.1.7 - Reflected Cross-Site Scripting CVE-2024-29760 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
WP Google Maps <= 9.0.29 - Reflected Cross-Site Scripting CVE-2024-29931 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Advanced Access Manager <= 6.9.20 - Reflected Cross-Site Scripting CVE-2024-29127 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 20, 2024
GiveWP <= 3.3.1 - Reflected Cross-Site Scripting CVE-2024-27987 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 15, 2024
WP Armour – Honeypot Anti Spam <= 2.1.13 - Reflected Cross-Site Scripting CVE-2024-29091 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 15, 2024
Permalink Manager Lite <= 2.4.3 - Reflected Cross-Site Scripting CVE-2024-29092 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 15, 2024
Pie Register <= 3.8.3.2 - Unauthenticated Arbitrary File Upload CVE-2024-27957 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 13, 2024
Premmerce Permalink Manager for WooCommerce <= 2.3.10 - Unauthenticated Local File Inclusion CVE-2024-27971 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 13, 2024
Automatic <= 3.92.0 - Unauthenticated SQL Injection CVE-2024-27956 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 13, 2024
Automatic <= 3.92.0 - Cross-Site Request Forgery to Privilege Escalation CVE-2024-27955 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H March 13, 2024
Automatic <= 3.92.0 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery CVE-2024-27954 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 13, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation