Wordfence Intelligence   >   Vulnerability Researchers   >   SOPROBRO

SOPROBRO

7
All Time Ranking
397
All Time Discoveries
37
90 Day Published Submissions
20 Dec '24
Last Published Submission

5 Achievements

Learn more about Achievements
Submitted 25 Vulnerabilities
Submitted 25 Vulnerabilities
December 11, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
November 22, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
November 20, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
November 20, 2024
Submitted XSS Vulnerability
Submitted XSS Vulnerability
November 20, 2024
Learn more Learn more about Achievements

Showing 1-20 of 397 Vulnerabilities

real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-12697
Dec 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
MagicPost <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode
6.4
CVE-2024-12591
Dec 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Embed Twine <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-12509
Dec 19, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-11812
Dec 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Spotlightr <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-11411
Dec 19, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Peter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post Function
5.4
CVE-2024-12554
Dec 17, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Responsive Google Maps | by imbaa <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-56011
Dec 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
SIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-12555
Dec 13, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
IMS Countdown <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-11755
Dec 13, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Plezi <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-11763
Dec 13, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Bukza <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-11759
Dec 13, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Booking System Trafft <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-11754
Dec 12, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Wp Login with Ajax <= 0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-54416
Dec 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Like in Vk.com <= 0.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-54424
Dec 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
LeaderBoard Plugin <= 1.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-54426
Dec 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Add image to Post <= 0.6 - Cross-Site Request Forgery
4.3
CVE-2024-54428
Dec 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Aphorismus <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-54429
Dec 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
XPD Reduce Image Filesize <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-54409
Dec 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
SOPA Blackout <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-54410
Dec 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ECT Product Carousel <= 1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2024-54412
Dec 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-12697 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 20, 2024
MagicPost <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode CVE-2024-12591 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 20, 2024
Embed Twine <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-12509 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 19, 2024
Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-11812 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 19, 2024
Spotlightr <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-11411 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 19, 2024
Peter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post Function CVE-2024-12554 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L December 17, 2024
Responsive Google Maps | by imbaa <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-56011 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 14, 2024
SIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-12555 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 13, 2024
IMS Countdown <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-11755 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 13, 2024
Plezi <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-11763 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 13, 2024
Bukza <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-11759 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 13, 2024
Booking System Trafft <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-11754 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 12, 2024
Wp Login with Ajax <= 0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-54416 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 12, 2024
Like in Vk.com <= 0.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-54424 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 12, 2024
LeaderBoard Plugin <= 1.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-54426 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 12, 2024
Add image to Post <= 0.6 - Cross-Site Request Forgery CVE-2024-54428 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N December 12, 2024
Aphorismus <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-54429 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 12, 2024
XPD Reduce Image Filesize <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-54409 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 12, 2024
SOPA Blackout <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-54410 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 12, 2024
ECT Product Carousel <= 1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-54412 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 12, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation