Wordfence Intelligence   >   Vulnerability Researchers   >   RE-ALTER

RE-ALTER

9
All Time Ranking
280
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

About

𝕯𝖎𝖘𝖙𝖚𝖗𝖇 𝖙𝖍𝖊 𝕻𝖊𝖆𝖈𝖊 // Darkness lurking below the surface?

Showing 81-100 of 280 Vulnerabilities

Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
7.2
CVE-2022-40215
Sep 22, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Awesome Support <= 6.0.7 - Authenticated Stored Cross-Site Scripting
7.2
CVE-2022-38073
Sep 14, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
5.4
CVE-2022-36365
Sep 1, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Word Search Puzzles game <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
5.4
CVE-2022-36383
Sep 1, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Event Calendar <= 1.4.6 - Reflected Cross-Site Scripting
6.1
CVE-2022-36390
Aug 25, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload
7.2
CVE-2022-40217
Aug 9, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Download Manager <= 3.2.48 - Cross-Site Request Forgery
8.8
CVE-2022-36288
Aug 2, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affiliate For WooCommerce premium <= 4.7.0 - Authenticated Insecure Direct Object Reference
7.5
CVE-2022-36284
Aug 1, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tabs – Responsive Tabs with WooCommerce Product Tab Extension <= 3.6.0 - Authenticated (Admin+) Arbitrary Options Update
7.2
CVE-2022-36375
Jul 26, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.1.2 - Authenticated Arbitrary Options Update
7.2
CVE-2022-33970
Jul 25, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Flipbox – Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update
7.2
CVE-2022-33969
Jul 25, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Team <= 1.2.6 - Authenticated (Contibutor+) Stored Cross-Site Scripting
6.4
CVE-2022-34853
Jul 20, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Accordions – Multiple Accordions or FAQs Builder <= 2.0.2 - Unauthenticated Arbitrary Options Update
9.8
CVE-2022-33198
Jun 30, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.0.2 - Unauthenticated Arbitrary Options Update
9.8
CVE-2022-34487
Jun 30, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WP Maintenance <= 6.0.7 - Authenticated (Admin+) Cross-Site Scripting
5.5
CVE-2022-30536
Jun 28, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Popup Builder <= 4.1.0 - Cross-Site Request Forgery
4.3
CVE-2022-32289
Jun 17, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Social Share Buttons by Supsystic <= 2.2.3 - Missing Authorization
6.3
CVE-2022-27235
Jun 9, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Social Share Buttons by Supsystic <= 2.2.3 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2022-33960
Jun 9, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Private Messages For WordPress <= 2.1.10 - Cross-Site Request Forgery
4.3
CVE-2022-29441
May 26, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Image Slider by NextCode <= 1.1.2 - Multiple Cross-Site Request Forgery
8.8
CVE-2022-29437
May 26, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-40215 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H September 22, 2022
Awesome Support <= 6.0.7 - Authenticated Stored Cross-Site Scripting CVE-2022-38073 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N September 14, 2022
WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-36365 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N September 1, 2022
Word Search Puzzles game <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-36383 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N September 1, 2022
Event Calendar <= 1.4.6 - Reflected Cross-Site Scripting CVE-2022-36390 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 25, 2022
WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload CVE-2022-40217 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H August 9, 2022
Download Manager <= 3.2.48 - Cross-Site Request Forgery CVE-2022-36288 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H August 2, 2022
Affiliate For WooCommerce premium <= 4.7.0 - Authenticated Insecure Direct Object Reference CVE-2022-36284 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N August 1, 2022
Tabs – Responsive Tabs with WooCommerce Product Tab Extension <= 3.6.0 - Authenticated (Admin+) Arbitrary Options Update CVE-2022-36375 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H July 26, 2022
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.1.2 - Authenticated Arbitrary Options Update CVE-2022-33970 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H July 25, 2022
Flipbox – Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update CVE-2022-33969 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H July 25, 2022
Team <= 1.2.6 - Authenticated (Contibutor+) Stored Cross-Site Scripting CVE-2022-34853 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 20, 2022
Accordions – Multiple Accordions or FAQs Builder <= 2.0.2 - Unauthenticated Arbitrary Options Update CVE-2022-33198 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H June 30, 2022
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.0.2 - Unauthenticated Arbitrary Options Update CVE-2022-34487 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H June 30, 2022
WP Maintenance <= 6.0.7 - Authenticated (Admin+) Cross-Site Scripting CVE-2022-30536 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N June 28, 2022
Popup Builder <= 4.1.0 - Cross-Site Request Forgery CVE-2022-32289 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 17, 2022
Social Share Buttons by Supsystic <= 2.2.3 - Missing Authorization CVE-2022-27235 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L June 9, 2022
Social Share Buttons by Supsystic <= 2.2.3 - Authenticated (Subscriber+) SQL Injection CVE-2022-33960 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 9, 2022
Private Messages For WordPress <= 2.1.10 - Cross-Site Request Forgery CVE-2022-29441 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 26, 2022
Image Slider by NextCode <= 1.1.2 - Multiple Cross-Site Request Forgery CVE-2022-29437 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H May 26, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation