WPScanTeam

8
All Time Ranking
287
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 101-120 of 287 Vulnerabilities

Title CVE ID CVSS Vector Date
Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization CVE-2022-4237 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N December 5, 2022
Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read CVE-2022-4236 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N December 5, 2022
SMSA Shipping for WooCommerce <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Download CVE-2022-4107 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N November 22, 2022
Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download CVE-2022-3762 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N October 27, 2022
Browser and Operating System Finder <= 1.2 - Missing Authorization 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L June 2, 2022
Shopping Cart & eCommerce Store <= 5.2.4 - Cross-Site Request Forgery to Settings Update 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N March 28, 2022
Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Arbitrary Settings Change 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L November 3, 2021
SEO Redirection Plugin – 301 Redirect Manager <= 7.8 - Cross-Site Request Forgery 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H September 15, 2021
Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update CVE-2021-4445 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L August 30, 2021
Jock on air now <= 5.6.1 - Cross-Site Request Forgery to Settings Update 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N August 18, 2021
Elementor Addon Elements <= 1.11.7 - Cross-Site Request Forgery 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N July 20, 2021
Insert or Embed Articulate Content into WordPress < 4.29991 - Directory Traversal CVE-2019-15648 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N July 2, 2019
TemplatesNext ToolKit <= 3.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0333 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 18, 2023
Jetpack CRM <= 5.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-4497 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 19, 2022
Social Slider Feed <= 2.0.4 - Authenticated (Scubscriber+) Stored Cross-Site Scripting 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 1, 2022
VDZ Google Analytics or Google Tag Manager / GTM <= 1.5.5 - Stored Cross-Site Scripting 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 2, 2021
Photo Gallery by 10Web <= 1.5.78 - Stored Cross-Site Scripting via Uploaded SVG 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 19, 2021
TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Settings Update 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L January 3, 2022
TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Blog Option Update 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L January 3, 2022
MWB Point of Sale (POS) for WooCommerce <= 1.0.0 - Missing Authorization 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L August 10, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation