Wordfence Intelligence   >   Vulnerability Researchers   >   muhammad yudha

muhammad yudha

42
All Time Ranking
122
All Time Discoveries
18
90 Day Published Submissions
15 Apr '25
Last Published Submission

About

A former blogger turned security researcher.

After nearly a decade of writing, blogging became more challenging, so I started exploring other fields and discovered security research.

I never expected to enjoy it more than blogging, but I do. I love this field and the constant opportunity to learn something new every day.

5 Achievements

Learn more about Achievements
Submitted 25 Vulnerabilities
Submitted 25 Vulnerabilities
January 16, 2025
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
December 17, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
December 13, 2024
Submitted XSS Vulnerability
Submitted XSS Vulnerability
December 5, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
September 30, 2024
Learn more Learn more about Achievements

Showing 1-20 of 122 Vulnerabilities

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2025-2314
Apr 15, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Delete User Accounts <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-26906
Apr 11, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Additional Custom Product Tabs for WooCommerce <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-26749
Apr 11, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Nepali Date Converter <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-26950
Apr 11, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Simple Spoiler <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-31020
Apr 9, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Nav Menu Manager <= 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-31017
Apr 9, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
m1.DownloadList <= 0.21 - Authenticated (Contributor+) Sensitive Information Disclosure
4.3
CVE-2025-32164
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
VG WooCarousel <= 1.3 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2025-32153
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Embed Chessboard <= 3.07.00 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-32177
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Follow Us Badges <= 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-31804
Apr 1, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Plugin Info Card <= 5.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-31835
Apr 1, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Planyo online reservation system <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-31811
Apr 1, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
OSM – OpenStreetMap <= 6.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-31557
Mar 31, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Uptime Robot Plugin for WordPress <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-31562
Mar 31, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Custom Database Applications by Caspio <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-31559
Mar 31, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Trackserver <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-30961
Mar 31, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
OpenMenu <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-31593
Mar 31, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Send E-mail <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-31592
Mar 31, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Inline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File Upload
8.8
CVE-2025-2006
Mar 28, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Dropdown Multisite selector < 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-31090
Mar 28, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-2314 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 15, 2025
WP Delete User Accounts <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-26906 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 11, 2025
Additional Custom Product Tabs for WooCommerce <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-26749 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 11, 2025
Nepali Date Converter <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-26950 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 11, 2025
Simple Spoiler <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31020 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 9, 2025
Nav Menu Manager <= 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31017 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 9, 2025
m1.DownloadList <= 0.21 - Authenticated (Contributor+) Sensitive Information Disclosure CVE-2025-32164 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N April 4, 2025
VG WooCarousel <= 1.3 - Authenticated (Contributor+) Local File Inclusion CVE-2025-32153 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 4, 2025
Embed Chessboard <= 3.07.00 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-32177 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 4, 2025
Follow Us Badges <= 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31804 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 1, 2025
WP Plugin Info Card <= 5.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31835 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 1, 2025
Planyo online reservation system <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31811 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 1, 2025
OSM – OpenStreetMap <= 6.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31557 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 31, 2025
Uptime Robot Plugin for WordPress <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31562 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 31, 2025
Custom Database Applications by Caspio <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31559 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 31, 2025
Trackserver <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-30961 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 31, 2025
OpenMenu <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31593 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 31, 2025
Send E-mail <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31592 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 31, 2025
Inline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2025-2006 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 28, 2025
Dropdown Multisite selector < 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-31090 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 28, 2025

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.