💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > SOPROBRO

SOPROBRO

All Time Ranking

397

All Time Discoveries

90 Day Published Submissions

20 Dec '24

Last Published Submission

5 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 381-397 of 397 Vulnerabilities

WordPress Video <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-49231

Oct 14, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CJ Change Howdy <= 3.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2024-49223

Oct 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

bVerse Convert <= 1.3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-49228

Oct 14, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

cSlider <= 2.4.2 - Cross-Site Request Forgery

6.1

CVE-2024-49221

Oct 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Better Author Bio <= 2.7.10.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting

5.4

CVE-2024-49229

Oct 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Simple Baseball Scoreboard <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-48025

Oct 9, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

wp-Monalisa <= 6.4 - Cross-Site Request Forgery

4.3

CVE-2024-48038

Oct 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP MyLinks <= 1.0.6 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVE-2024-47371

Sep 30, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Iconize <= 1.2.4 - Authenticated (Admin+) Remote Code Execution

7.2

CVE-2024-47649

Sep 30, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

TNC PDF viewer <= 3.1.0 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVE-2024-47372

Sep 30, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

BuddyForms <= 2.8.12 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVE-2024-47377

Sep 30, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Automation By Autonami <= 3.1.2 - Authenticated (Administrator+) SQL Injection

4.9

CVE-2024-47328

Sep 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

NiceJob <= 3.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2024-44028

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Kodex Posts likes <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-44036

Sep 23, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

ShiftController Employee Shift Scheduling <= 4.9.64 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-44040

Sep 23, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

IdeaPush <= 8.66 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-44041

Sep 23, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

RegistrationMagic <= 6.0.1.0 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-43317

Aug 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WordPress Video <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-49231	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 14, 2024
CJ Change Howdy <= 3.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2024-49223	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 14, 2024
bVerse Convert <= 1.3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-49228	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 14, 2024
cSlider <= 2.4.2 - Cross-Site Request Forgery	CVE-2024-49221	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 14, 2024
Better Author Bio <= 2.7.10.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2024-49229	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	October 14, 2024
Simple Baseball Scoreboard <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-48025	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 9, 2024
wp-Monalisa <= 6.4 - Cross-Site Request Forgery	CVE-2024-48038	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 9, 2024
WP MyLinks <= 1.0.6 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-47371	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 30, 2024
Iconize <= 1.2.4 - Authenticated (Admin+) Remote Code Execution	CVE-2024-47649	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 30, 2024
TNC PDF viewer <= 3.1.0 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-47372	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 30, 2024
BuddyForms <= 2.8.12 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-47377	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 30, 2024
Automation By Autonami <= 3.1.2 - Authenticated (Administrator+) SQL Injection	CVE-2024-47328	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	September 25, 2024
NiceJob <= 3.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2024-44028	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 24, 2024
Kodex Posts likes <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-44036	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 23, 2024
ShiftController Employee Shift Scheduling <= 4.9.64 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-44040	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 23, 2024
IdeaPush <= 8.66 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-44041	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 23, 2024
RegistrationMagic <= 6.0.1.0 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-43317	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 16, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation