9
All Time Ranking
280
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

About

𝕯𝖎𝖘𝖙𝖚𝖗𝖇 𝖙𝖍𝖊 𝕻𝖊𝖆𝖈𝖊 // Darkness lurking below the surface?

Showing 221-240 of 280 Vulnerabilities

Title CVE ID CVSS Vector Date
wpDiscuz <= 7.6.3 - Missing Authorization via AJAX actions CVE-2023-45760 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N October 12, 2023
Real Estate 7 <= 3.3.4 - Cross-Site Request Forgery 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L March 1, 2023
JS Help Desk <= 2.7.1 - Cross-Site Request Forgery CVE-2022-46842 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N January 27, 2023
Quiz And Survey Master <= 7.3.6 - Insecure Direct Object Reference CVE-2021-36906 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N October 21, 2022
Word Search Puzzles game <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-36383 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N September 1, 2022
WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-36365 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N September 1, 2022
Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery CVE-2022-29435 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L May 17, 2022
Psychological tests & quizzes <= 0.21.19 - Authenticated (Contributor+) Cross-Site Scripting CVE-2022-27854 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N April 26, 2022
Simple Ajax Chat <= 20220115 - Cross-Site Request Forgery CVE-2022-27850 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L April 15, 2022
WP MAPS – Easiest & Most Advanced WordPress Plugin for Google Maps <= 4.2.3 - Cross-Site Request Forgery CVE-2022-25600 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L February 22, 2022
Email Tracker <= 5.2.6 - Cross-Site Request Forgery CVE-2021-44777 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L November 1, 2021
Listing, Classified Ads & Business Directory – uListing <= 2.0.5 - Cross-Site Request Forgery CVE-2021-36876 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N July 27, 2021
Database Backup for WordPress <= 2.3.3 - Authenticated Stored Cross-Site Scripting via backup_receipient Parameter CVE-2021-24322 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N May 16, 2021
HomeSweet - Real Estate WordPress Theme <= 1.4 - Insecure Direct Object Reference 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L June 17, 2020
Blocksy Companion <= 2.0.28 - Cross-Site Request Forgery CVE-2024-31932 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 10, 2024
wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease CVE-2023-3998 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N September 12, 2023
wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Comment Rating Increase/Decrease CVE-2023-3869 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N September 12, 2023
Woodmart <= 7.0.4 - Unauthenticated Arbitrary Content Injection CVE-2023-25790 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N February 16, 2023
Simple Ajax Chat Plugin <= 20220115 - Sensitive Information Disclosure CVE-2022-27849 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 15, 2022
Cooked – Recipe Management <= 1.7.15.4 - Authenticated (Contributor+) HTML Injection CVE-2024-39682 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N July 17, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation