Rafie Muhammad

Organization: Patchstack

2
All Time Ranking
559
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 481-500 of 559 Vulnerabilities

Title CVE ID CVSS Vector Date
Contact Form Entries <= 1.3.0 - Authenticated (Contributor+) SQL Injection via shortcode CVE-2023-31212 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H May 22, 2023
LearnDash LMS <= 4.5.3 - Authenticated (Contributor+) SQL Injection CVE-2023-28777 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H May 22, 2023
WooCommerce Warranty Requests <= 2.1.6 - Reflected Cross-Site Scripting CVE-2023-33317 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L May 22, 2023
UpdraftPlus <= 1.23.3 - Cross-Site Request Forgery to Cross-Site Scripting via action_authenticate_storage CVE-2023-32960 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 18, 2023
Easy Forms for Mailchimp <= 6.8.8 - Reflected Cross-Site Scripting via 'sql_error' CVE-2023-23900 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 17, 2023
Chaty <= 3.0.9 - Reflected Cross-Site Scripting CVE-2023-25019 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 16, 2023
WooCommerce Product Recommendations < 2.3.0 - Cross-Site Request Forgery CVE-2023-32744 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 15, 2023
AutomateWoo <= 5.7.1 - Cross-Site Request Forgery CVE-2023-32745 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 15, 2023
WooCommerce Product Add-ons <= 6.1.3 - Cross-Site Request Forgery CVE-2023-32794 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 15, 2023
Essential Addons for Elementor Pro <= 5.4.8 - Reflected Cross-Site Scripting CVE-2023-32241 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 15, 2023
WooCommerce Brands <= 1.6.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-32746 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 15, 2023
WooCommerce Pre-Orders <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-32793 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 15, 2023
WooCommerce Pre-Orders <= 1.9.0 - Unauthenticated Cross-Site Scripting CVE-2023-32802 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N May 15, 2023
WooCommerce Composite Products <= 8.7.5 - Reflected Cross-Site Scripting CVE-2023-32801 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 15, 2023
WooCommerce Bookings <= 1.15.78 - Insecure Direct Object Reference CVE-2023-32747 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N May 15, 2023
WooCommerce Ship to Multiple Addresses <= 3.8.3 - Insecure Direct Object Reference CVE-2023-32799 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N May 15, 2023
WooCommerce Product Add-ons <= 6.1.3 - Authenticated (Shop Manager+) PHP Object Injection CVE-2023-32795 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 15, 2023
AutomateWoo <= 5.7.1 - Authenticated (Shop manager+) SQL Injection CVE-2023-32743 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N May 15, 2023
Essential Addons for Elementor Pro <= 5.4.8 - Unauthenticated Server-Side Request Forgery CVE-2023-32245 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L May 15, 2023
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via maybe_install_suggested_plugins CVE-2023-33333 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 12, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation