Wordfence Intelligence   >   Vulnerability Researchers   >   Rafie Muhammad

Rafie Muhammad

Organization: Patchstack

2
All Time Ranking
559
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 101-120 of 559 Vulnerabilities

REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-31234
Apr 3, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Automatic <= 3.92.0 - Cross-Site Request Forgery to Privilege Escalation
8.8
CVE-2024-27955
Mar 13, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Gecka Terms Thumbnails <= 1.1 - Authenticated (Subscriber+) PHP Object Injection
8.8
CVE-2023-52219
Jan 5, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
HTML5 MP3 Player with Folder Feedburner <= 2.8.0 - Authenticated (Author+) PHP Object Injection
8.8
CVE-2023-52202
Jan 3, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
HTML5 MP3 Player with Playlist Free <= 3.0.0 - Authenticated (Author+) PHP Object Injecton
8.8
CVE-2023-52207
Jan 3, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
HTML5 SoundCloud Player <= 2.8.0 - Authenticated (Author+) PHP Object Injection
8.8
CVE-2023-52205
Jan 3, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ARI Stream Quiz <= 1.3.0 - Authenticated (Contributor+) PHP Object Injection
8.8
CVE-2023-52182
Dec 29, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
JVM rich text icons <= 1.2.3 - Authenticated(Subscriber+) Arbitrary File Upload
8.8
CVE-2023-51417
Dec 27, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Verge3D <= 4.5.2 - Authenticated(Subscriber+) Arbitrary File Upload
8.8
CVE-2023-51421
Dec 27, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WP Mail Log Plugin <= 1.1.2 - Authenticated(Contributor+) Arbitrary File Upload
8.8
CVE-2023-51410
Dec 27, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
JVM rich text icons <= 1.2.6 - Directory Traversal to Authenticated(Subscriber+) Arbitrary File Deletion
8.8
CVE-2023-51418
Dec 27, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Job Manager & Career – Manage job board listings, and recruitments <= 1.4.4 - Cross-Site Request Forgery to PHP Object Injection
8.8
CVE-2023-51545
Dec 27, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
TerraClassifieds <= 2.0.3 - Cross-Site Request Forgery
8.8
CVE-2023-51474
Dec 27, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Rencontre – Dating Site <= 3.11.1 - Authenticated (Subscriber+) PHP Object Injection
8.8
CVE-2023-51470
Dec 27, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Build App Online <= 1.0.20 - Missing Authorization Authenticated(Subscriber+) Arbitrary Options Update
8.8
CVE-2023-51479
Dec 27, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ultimate Addons for Beaver Builder <= 1.35.14 - Authenticated(Contributor+) Privilege Escalation
8.8
CVE-2023-51398
Dec 26, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ultimate Addons for Elementor <= 1.36.20 - Authenticated (Contributor+) Privilege Escalation
8.8
CVE-2023-50890
Dec 26, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Uncode Core <= 2.8.8 - Privilege Escalation
8.8
CVE-2023-51515
Dec 21, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Soledad <= 8.4.1 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2023-49825
Dec 5, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Astra Pro <= 4.3.1 - Authenticated(Contributor+) Remote Code Execution via Metabox
8.8
CVE-2023-49830
Dec 5, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection CVE-2024-31234 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 3, 2024
Automatic <= 3.92.0 - Cross-Site Request Forgery to Privilege Escalation CVE-2024-27955 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H March 13, 2024
Gecka Terms Thumbnails <= 1.1 - Authenticated (Subscriber+) PHP Object Injection CVE-2023-52219 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 5, 2024
HTML5 MP3 Player with Folder Feedburner <= 2.8.0 - Authenticated (Author+) PHP Object Injection CVE-2023-52202 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 3, 2024
HTML5 MP3 Player with Playlist Free <= 3.0.0 - Authenticated (Author+) PHP Object Injecton CVE-2023-52207 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 3, 2024
HTML5 SoundCloud Player <= 2.8.0 - Authenticated (Author+) PHP Object Injection CVE-2023-52205 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 3, 2024
ARI Stream Quiz <= 1.3.0 - Authenticated (Contributor+) PHP Object Injection CVE-2023-52182 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 29, 2023
JVM rich text icons <= 1.2.3 - Authenticated(Subscriber+) Arbitrary File Upload CVE-2023-51417 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 27, 2023
Verge3D <= 4.5.2 - Authenticated(Subscriber+) Arbitrary File Upload CVE-2023-51421 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 27, 2023
WP Mail Log Plugin <= 1.1.2 - Authenticated(Contributor+) Arbitrary File Upload CVE-2023-51410 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 27, 2023
JVM rich text icons <= 1.2.6 - Directory Traversal to Authenticated(Subscriber+) Arbitrary File Deletion CVE-2023-51418 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 27, 2023
Job Manager & Career – Manage job board listings, and recruitments <= 1.4.4 - Cross-Site Request Forgery to PHP Object Injection CVE-2023-51545 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H December 27, 2023
TerraClassifieds <= 2.0.3 - Cross-Site Request Forgery CVE-2023-51474 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H December 27, 2023
Rencontre – Dating Site <= 3.11.1 - Authenticated (Subscriber+) PHP Object Injection CVE-2023-51470 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 27, 2023
Build App Online <= 1.0.20 - Missing Authorization Authenticated(Subscriber+) Arbitrary Options Update CVE-2023-51479 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 27, 2023
Ultimate Addons for Beaver Builder <= 1.35.14 - Authenticated(Contributor+) Privilege Escalation CVE-2023-51398 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 26, 2023
Ultimate Addons for Elementor <= 1.36.20 - Authenticated (Contributor+) Privilege Escalation CVE-2023-50890 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 26, 2023
Uncode Core <= 2.8.8 - Privilege Escalation CVE-2023-51515 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 21, 2023
Soledad <= 8.4.1 - Authenticated (Contributor+) SQL Injection CVE-2023-49825 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 5, 2023
Astra Pro <= 4.3.1 - Authenticated(Contributor+) Remote Code Execution via Metabox CVE-2023-49830 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 5, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation