💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > tahu.datar

tahu.datar

133

All Time Ranking

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Showing 1-20 of 23 Vulnerabilities

Sogrid <= 1.5.6 - Unauthenticated Local File Inclusion

9.8

CVE-2024-54374

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Woolook <= 1.7.0 - Unauthenticated Local File Inclusion

9.8

CVE-2024-54375

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Cookies Enabler <= 1.0.1 - Unauthenticated Local File Inclusion

9.8

CVE-2024-54380

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product Labels For Woocommerce <= 1.5.8 - Authenticated (Administrator+) SQL Injection

4.9

CVE-2024-53817

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

WDesignkit <= 1.0.40 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2024-53811

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Bootscraper <= 3.0.0 - Unauthenticated Local File Inclusion

9.8

CVE-2024-52449

Nov 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NewsCard <= 1.3 - Unauthenticated Local File Inclusion

9.8

CVE-2024-50434

Oct 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Meta News <= 1.1.7 - Unauthenticated Local File Inclusion

9.8

CVE-2024-50435

Oct 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Clean Retina <= 3.0.6 - Unauthenticated Local File Inclusion

9.8

CVE-2024-50436

Oct 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Mags <= 1.1.6 - Unauthenticated Local File Inclusion

9.8

CVE-2024-49701

Oct 21, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Custom Icons for Elementor <= 0.3.3 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2024-49676

Oct 21, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Top Bar – PopUps – by WPOptin <= 2.0.1 - Unauthenticated Local File Inclusion

8.1

CVE-2024-47645

Sep 30, 2024

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

ABCApp Creator <= 1.1.2 - Unauthenticated Local File Inclusion

9.8

CVE-2024-44023

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WPSPX <= 1.0.2 - Unauthenticated Local File Inclusion

9.8

CVE-2024-44034

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Ticket Ultra Help Desk & Support Plugin <= 1.0.5 - Unauthenticated Local File Inclusion

9.8

CVE-2024-44011

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Newsletter Subscription <= 1.1 - Unauthenticated Local File Inclusion

9.8

CVE-2024-44012

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

VR Calendar <= 2.4.4 - Unauthenticated Local File Inclusion

9.8

CVE-2024-44013

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vmax Project Manager <= 1.0 - Unauthenticated Local File Inclusion

9.8

CVE-2024-44014

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Users Control <= 1.0.16 - Unauthenticated Local File Inclusion

9.8

CVE-2024-44015

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Podiant <= 1.1 - Unauthenticated Local File Inclusion

9.8

CVE-2024-44016

Sep 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Sogrid <= 1.5.6 - Unauthenticated Local File Inclusion	CVE-2024-54374	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 11, 2024
Woolook <= 1.7.0 - Unauthenticated Local File Inclusion	CVE-2024-54375	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 11, 2024
WP Cookies Enabler <= 1.0.1 - Unauthenticated Local File Inclusion	CVE-2024-54380	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 11, 2024
Product Labels For Woocommerce <= 1.5.8 - Authenticated (Administrator+) SQL Injection	CVE-2024-53817	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	December 2, 2024
WDesignkit <= 1.0.40 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2024-53811	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 2, 2024
Bootscraper <= 3.0.0 - Unauthenticated Local File Inclusion	CVE-2024-52449	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 18, 2024
NewsCard <= 1.3 - Unauthenticated Local File Inclusion	CVE-2024-50434	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 24, 2024
Meta News <= 1.1.7 - Unauthenticated Local File Inclusion	CVE-2024-50435	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 24, 2024
Clean Retina <= 3.0.6 - Unauthenticated Local File Inclusion	CVE-2024-50436	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 24, 2024
Mags <= 1.1.6 - Unauthenticated Local File Inclusion	CVE-2024-49701	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 21, 2024
Custom Icons for Elementor <= 0.3.3 - Authenticated (Admin+) Arbitrary File Upload	CVE-2024-49676	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 21, 2024
Top Bar – PopUps – by WPOptin <= 2.0.1 - Unauthenticated Local File Inclusion	CVE-2024-47645	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	September 30, 2024
ABCApp Creator <= 1.1.2 - Unauthenticated Local File Inclusion	CVE-2024-44023	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 24, 2024
WPSPX <= 1.0.2 - Unauthenticated Local File Inclusion	CVE-2024-44034	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 24, 2024
WP Ticket Ultra Help Desk & Support Plugin <= 1.0.5 - Unauthenticated Local File Inclusion	CVE-2024-44011	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 24, 2024
WP Newsletter Subscription <= 1.1 - Unauthenticated Local File Inclusion	CVE-2024-44012	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 24, 2024
VR Calendar <= 2.4.4 - Unauthenticated Local File Inclusion	CVE-2024-44013	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 24, 2024
Vmax Project Manager <= 1.0 - Unauthenticated Local File Inclusion	CVE-2024-44014	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 24, 2024
Users Control <= 1.0.16 - Unauthenticated Local File Inclusion	CVE-2024-44015	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 24, 2024
Podiant <= 1.1 - Unauthenticated Local File Inclusion	CVE-2024-44016	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 24, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation