Rio Darmawan

Organization: Zerobyte

20
All Time Ranking
190
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 1-20 of 190 Vulnerabilities

Title CVE ID CVSS Vector Date
Get URL Cron <= 1.4.7 - Missing Authorization via geturlcron_action_handle 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N February 15, 2023
bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-24403 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N January 27, 2023
Interactive Polish Map <= 1.2 - Authenticated (Admi+) Stored Cross-Site Scripting CVE-2023-23821 6.6 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L January 19, 2023
The Awesome Feed – Custom Feed <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-44264 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 28, 2023
Locations <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-41797 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 5, 2023
WxSync <= 2.7.24 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-39988 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 9, 2023
Audio Player with Playlist Ultimate <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-38516 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 20, 2023
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 2.2.5 - Authenticated(Administrator+) CSV Injection CVE-2023-23678 6.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H June 20, 2023
MS-Reviews <= 1.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2023-0424 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 28, 2023
Team Member <= 4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via new_style_name CVE-2023-23647 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 21, 2023
Shoppable Images Lite <= 1.2.3 - Missing Authorization 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L February 13, 2023
Simple Tweet <= 1.4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-45767 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N October 12, 2023
WP Lightbox 2 <= 3.0.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-45747 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N October 12, 2023
Fitness calculators plugin <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings CVE-2023-40552 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N August 16, 2023
Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25442 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N February 15, 2023
WP Prayer <= 1.9.6 - Authenticated(Admin+) Stored Cross-Site Scripting CVE-2023-25705 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N February 14, 2023
TinyMCE Custom Styles <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-23995 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N January 27, 2023
Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-23870 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N January 20, 2023
WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-23982 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N January 20, 2023
Conversational Forms for ChatBot <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-23981 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N January 20, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation