🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > stealthcopter

stealthcopter

All Time Ranking

373

All Time Discoveries

90 Day Published Submissions

19 Nov '24

Last Published Submission

10 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 141-160 of 373 Vulnerabilities

Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-7413

Aug 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Linkify Text <= 1.9.1 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-7382

Aug 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

No Update Nag <= 1.4.12 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-7412

Aug 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reveal Template <= 3.7 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-7416

Aug 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

My Custom CSS PHP & ADS <= 3.3 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-7410

Aug 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

PDF Builder for WPForms <= 1.2.116 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-7414

Aug 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-6552

Aug 7, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update

4.3

CVE-2024-6824

Aug 7, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WooCommerce Product Table Lite <= 3.5.1 - Unauthenticated Arbitrary Shortcode Execution

4.8

CVE-2024-43128

Aug 7, 2024

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Ebook Store <= 5.8001 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-6567

Aug 1, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WP-PostRatings <= 1.91.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-39659

Aug 1, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Aramex Shipping WooCommerce <= 1.1.21 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-6566

Jul 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

One Click Close Comments <= 2.7.1 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-6546

Jul 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Admin Post Navigation <= 2.1 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-6549

Jul 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Admin Trim Interface <= 3.5.1 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-6545

Jul 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Intelligence <= 1.4.0 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-6573

Jul 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Add Admin JavaScript <= 2.0 - Unauthenticated Full Path Dislcosure

5.3

CVE-2024-6548

Jul 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Dislcosure

5.3

CVE-2024-6547

Jul 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Campaign Monitor for WordPress <= 2.8.15 - Unauthenticated Full Path Disclosure

5.3

CVE-2024-6569

Jul 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2024-6589

Jul 24, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure	CVE-2024-7413	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	August 8, 2024
Linkify Text <= 1.9.1 - Unauthenticated Full Path Disclosure	CVE-2024-7382	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	August 8, 2024
No Update Nag <= 1.4.12 - Unauthenticated Full Path Disclosure	CVE-2024-7412	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	August 8, 2024
Reveal Template <= 3.7 - Unauthenticated Full Path Disclosure	CVE-2024-7416	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	August 8, 2024
My Custom CSS PHP & ADS <= 3.3 - Unauthenticated Full Path Disclosure	CVE-2024-7410	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	August 8, 2024
PDF Builder for WPForms <= 1.2.116 - Unauthenticated Full Path Disclosure	CVE-2024-7414	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	August 8, 2024
Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure	CVE-2024-6552	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	August 7, 2024
Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update	CVE-2024-6824	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	August 7, 2024
WooCommerce Product Table Lite <= 3.5.1 - Unauthenticated Arbitrary Shortcode Execution	CVE-2024-43128	4.8	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N	August 7, 2024
Ebook Store <= 5.8001 - Unauthenticated Full Path Disclosure	CVE-2024-6567	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	August 1, 2024
WP-PostRatings <= 1.91.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-39659	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	August 1, 2024
Aramex Shipping WooCommerce <= 1.1.21 - Unauthenticated Full Path Disclosure	CVE-2024-6566	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 26, 2024
One Click Close Comments <= 2.7.1 - Unauthenticated Full Path Disclosure	CVE-2024-6546	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 26, 2024
Admin Post Navigation <= 2.1 - Unauthenticated Full Path Disclosure	CVE-2024-6549	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 26, 2024
Admin Trim Interface <= 3.5.1 - Unauthenticated Full Path Disclosure	CVE-2024-6545	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 26, 2024
Intelligence <= 1.4.0 - Unauthenticated Full Path Disclosure	CVE-2024-6573	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 26, 2024
Add Admin JavaScript <= 2.0 - Unauthenticated Full Path Dislcosure	CVE-2024-6548	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 26, 2024
Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Dislcosure	CVE-2024-6547	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 26, 2024
Campaign Monitor for WordPress <= 2.8.15 - Unauthenticated Full Path Disclosure	CVE-2024-6569	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 26, 2024
LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion	CVE-2024-6589	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 24, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation