10
All Time Ranking
280
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

About

π•―π–Žπ–˜π–™π–šπ–—π–‡ π–™π–π–Š π•»π–Šπ–†π–ˆπ–Š // Darkness lurking below the surface?

Showing 1-20 of 280 Vulnerabilities

Title CVE ID CVSS Vector Date
Cooked Pro < 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-49289 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 15, 2024
Cooked Pro < 1.8.0 - Cross-Site Request Forgery CVE-2024-49290 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N October 15, 2024
Cooked Pro < 1.8.0 - Unauthenticated Arbitrary File Upload CVE-2024-49291 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 15, 2024
Cooked – Recipe Management <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-41816 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 4, 2024
Filter & Grids <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-39665 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 1, 2024
Filter & Grids <= 2.8.33 - Cross-Site Request Forgery CVE-2024-39664 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N August 1, 2024
Cooked – Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery to Template Apply CVE-2024-39681 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L July 17, 2024
Cooked – Recipe Management <= 1.7.15.4 - Authenticated (Contributor+) HTML Injection CVE-2024-39682 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N July 17, 2024
Cooked – Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery to Template Reset CVE-2024-39679 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N July 17, 2024
Cooked – Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery to Settings Update CVE-2024-39680 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N July 17, 2024
Cooked – Recipe Management <= 1.7.15.4 - Cross-Site Request Forgery via cooked_get_recipe_ids CVE-2024-39678 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N July 17, 2024
Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters CVE-2023-4017 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 28, 2024
Cooked – Recipe Management <= Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-37308 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 13, 2024
PeproDev CF7 Database <= 1.8.0 - Cross-Site Request Forgery CVE-2023-41864 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 16, 2024
Favicon <= 1.3.29 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-31422 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 10, 2024
Blocksy Companion <= 2.0.28 - Cross-Site Request Forgery CVE-2024-31932 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 10, 2024
Jobeleon Theme <= 1.9.1 - Reflected Cross-Site Scripting CVE-2022-47153 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 28, 2024
Database for Contact Form 7 <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29103 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 15, 2024
Extensions For CF7 <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting CVE-2024-29102 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N March 15, 2024
New User Approve <= 2.5.1 - Cross-Site Request Forgery via admin_notices CVE-2023-50902 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 26, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation