9
All Time Ranking
280
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

About

𝕯𝖎𝖘𝖙𝖚𝖗𝖇 𝖙𝖍𝖊 𝕻𝖊𝖆𝖈𝖊 // Darkness lurking below the surface?

Showing 61-80 of 280 Vulnerabilities

Title CVE ID CVSS Vector Date
Speed Booster Pack PageSpeed Optimization Suite <= 4.1.9. - Authenticated (Admin+) Remote Code Execution CVE-2021-24430 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H July 5, 2021
WP Super Cache <= 1.7.1 - Authenticated (Admin+) Remote Code Execution CVE-2021-24209 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H March 16, 2021
Web Instant Messenger <= 1.1.2 and LocalWeb In One <= 1.6.4 - Stored Cross-Site Scripting 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N October 12, 2020
Careerfy <= 4.0.0 - Cross-Site Scripting 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N July 5, 2020
CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting CVE-2019-20212 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N December 27, 2019
CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting CVE-2019-20211 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N December 27, 2019
Live Chat Unlimited <= 2.8.3 - Stored Cross-Site Scripting 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N June 26, 2019
Intelligent WordPress Live Chat Support Plugin | Utilities <= 1.0.4 - Stored Cross-Site Scripting 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N June 25, 2019
uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) CVE-2021-36874 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L July 27, 2021
Careerfy <= 4.3.0 - Reflected Cross-Site Scripting 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L July 22, 2020
Golo - City Travel Guide WordPress Theme < 1.3.3 - Reflected Cross-Site Scripting 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L July 11, 2020
CareerUp < 2.3.1 - Reflected Cross-Site Scripting CVE-2022-1167 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L July 3, 2020
Findgo <= 1.3.31 - Cross-Site Scripting 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L June 17, 2020
YITH Maintenance Mode <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting CVE-2021-36845 6.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N September 23, 2021
Download Monitor <= 4.4.6 - Authenticated (Admin+) Arbitrary File Download CVE-2021-31567 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N October 29, 2021
Database for CF7 <= 1.2.4 - Missing Authorization via wpcf7db_delete AJAX action CVE-2023-49167 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H November 29, 2023
Chat Bubble <= 2.3 - Cross-Site Request Forgery via cbb_submit_settings_data CVE-2023-48769 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N November 28, 2023
WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection CVE-2023-25790 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N March 1, 2023
Woodmart <= 7.1.1 - Cross-Site Request Forgery to License Update CVE-2023-32500 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N March 1, 2023
Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery CVE-2021-36886 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N November 12, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation