Wordfence Intelligence   >   Vulnerability Researchers   >   Tim Coen

Tim Coen

54
All Time Ranking
88
All Time Discoveries
38
90 Day Published Submissions
15 Apr '25
Last Published Submission

7 Achievements

Learn more about Achievements
Submitted 50 Vulnerabilities
Submitted 50 Vulnerabilities
February 17, 2025
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Resourceful Researcher
Resourceful Researcher
July 23, 2024
Submitted 25 Vulnerabilities
Submitted 25 Vulnerabilities
June 4, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
April 15, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
March 27, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
March 12, 2024
Learn more Learn more about Achievements

Showing 1-20 of 88 Vulnerabilities

Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action
6.1
CVE-2024-13452
Apr 15, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
KB Support โ€“ Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
7.5
CVE-2024-13604
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Awesome Support โ€“ WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
7.5
CVE-2024-13567
Mar 31, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
7.5
CVE-2024-13558
Mar 19, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
WordPress form builder plugin for contact forms, surveys and quizzes โ€“ Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2024-13497
Mar 14, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
NEX-Forms โ€“ Ultimate Form Builder โ€“ Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure
5.3
CVE-2024-13498
Mar 11, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scriping via Wishlist Name
6.1
CVE-2024-13774
Mar 7, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
5.9
CVE-2024-13640
Mar 7, 2025
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
SupportCandy โ€“ Helpdesk & Customer Support Ticket System <= 3.3.0 - Insecure Direct Object Reference
4.3
CVE-2024-13552
Mar 6, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EventPrime โ€“ Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export
4.3
CVE-2024-13526
Mar 6, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Wallet System for WooCommerce โ€“ Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Cross-Site Request Forgery
4.3
CVE-2024-13682
Mar 3, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Wallet System for WooCommerce โ€“ Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Missing Authorization
4.3
CVE-2024-13724
Mar 3, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Better Messages โ€“ Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
7.5
CVE-2024-13611
Feb 28, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Fluent Support โ€“ Helpdesk & Customer Support Ticket System <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
7.5
CVE-2024-13568
Feb 28, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Better Messages โ€“ Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links
4.8
CVE-2024-13697
Feb 28, 2025
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
5.9
CVE-2024-13638
Feb 27, 2025
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
WordPress File Upload <= 4.25.2 - Cross-Site Request Forgery in wfu_file_details
4.3
CVE-2024-13494
Feb 24, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
PeproDev Ultimate Invoice <= 2.0.8 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure
5.3
CVE-2024-13719
Feb 18, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
User Private Files โ€“ File Upload & Download Manager with Secure File Sharing <= 2.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
CVE-2024-13799
Feb 18, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
7.5
CVE-2024-13622
Feb 17, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Title CVE ID CVSS Vector Date
Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via saveAsCopy AJAX Action CVE-2024-13452 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 15, 2025
KB Support โ€“ Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin <= 1.7.4 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2024-13604 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N April 4, 2025
Awesome Support โ€“ WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2024-13567 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N March 31, 2025
NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure CVE-2024-13558 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N March 19, 2025
WordPress form builder plugin for contact forms, surveys and quizzes โ€“ Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting CVE-2024-13497 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N March 14, 2025
NEX-Forms โ€“ Ultimate Form Builder โ€“ Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure CVE-2024-13498 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 11, 2025
Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scriping via Wishlist Name CVE-2024-13774 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 7, 2025
Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2024-13640 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N March 7, 2025
SupportCandy โ€“ Helpdesk & Customer Support Ticket System <= 3.3.0 - Insecure Direct Object Reference CVE-2024-13552 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N March 6, 2025
EventPrime โ€“ Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export CVE-2024-13526 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N March 6, 2025
Wallet System for WooCommerce โ€“ Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Cross-Site Request Forgery CVE-2024-13682 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N March 3, 2025
Wallet System for WooCommerce โ€“ Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Missing Authorization CVE-2024-13724 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N March 3, 2025
Better Messages โ€“ Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2024-13611 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N February 28, 2025
Fluent Support โ€“ Helpdesk & Customer Support Ticket System <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2024-13568 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N February 28, 2025
Better Messages โ€“ Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.7.4 - Unauthenticated Limited Server-Side Request Forgery in nice_links CVE-2024-13697 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N February 28, 2025
Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2024-13638 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N February 27, 2025
WordPress File Upload <= 4.25.2 - Cross-Site Request Forgery in wfu_file_details CVE-2024-13494 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 24, 2025
PeproDev Ultimate Invoice <= 2.0.8 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure CVE-2024-13719 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N February 18, 2025
User Private Files โ€“ File Upload & Download Manager with Secure File Sharing <= 2.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2024-13799 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 18, 2025
File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2024-13622 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N February 17, 2025

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.