Rafshanzani Suhada

40
All Time Ranking
101
All Time Discoveries
2
90 Day Published Submissions
4 Nov '24
Last Published Submission
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
June 6, 2024
Resourceful Researcher
Resourceful Researcher
June 3, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
January 4, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
November 30, 2023

Showing 1-20 of 101 Vulnerabilities

Title CVE ID CVSS Vector Date
Simple File List <= 6.1.9 - Unauthenticated Arbitrary File Deletion CVE-2023-44227 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H September 28, 2023
Form Builder <= 1.9.9.0 - Unauthenticated CSV Injection CVE-2023-23796 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L June 28, 2023
GiveWP <= 2.25.1 - Unauthenticated CSV Injection CVE-2023-22719 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H March 8, 2023
Backup Migration <= 1.3.6 - Unauthenticated Arbitrary Backup Download to Sensitive Information Exposure CVE-2023-6266 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N November 30, 2023
YaySMTP – Simple WP SMTP Mail <= 2.2 - Sensitive Information Disclosure CVE-2022-2369 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N July 11, 2022
Master Addons for Elementor <= 2.0.5.3 - Missing Authorization CVE-2023-40679 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L August 22, 2023
Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection CVE-2023-34179 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 30, 2023
Arigato Autoresponder and Newsletter <= 2.7.1 - Unauthenticated Stored Cross-Site Scripting CVE-2023-25020 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N February 6, 2023
Simple Payment Donations <= 4.2.0 - Unauthenticated Stored Cross-Site Scripting CVE-2022-2565 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N August 10, 2022
Fluent Support <= 1.5.7 - Authenticated (Administrator+) SQL Injection CVE-2022-2559 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H August 2, 2022
Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery CVE-2023-24419 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L February 1, 2023
Pods <= 2.9.10.2 - Cross-Site Request Forgery CVE-2023-23790 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L January 20, 2023
Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection CVE-2023-23991 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H January 20, 2023
Contact Form builder with drag & drop - Kali Forms <= 2.3.28 - Missing Authorization via get_log CVE-2023-45275 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N October 6, 2023
Email download link <= 3.7 - Unauthenticated Sensitive Information Exposure CVE-2023-36523 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N June 27, 2023
Form Builder <= 1.9.9.0 - Cross-Site Request Forgery CVE-2023-23795 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N June 19, 2023
oik <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode CVE-2024-6391 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 8, 2024
Ultimate Blocks – WordPress Blocks Plugin <= 3.0.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via metabox CVE-2023-6692 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 18, 2024
Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-6382 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 31, 2024
Shariff Wrapper <= 4.6.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-6500 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 12, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation