Wordfence Intelligence   >   Vulnerability Researchers   >   zakaria

zakaria

88
All Time Ranking
46
All Time Discoveries
19
90 Day Published Submissions
12 Mar '25
Last Published Submission

5 Achievements

Learn more about Achievements
Submitted 25 Vulnerabilities
Submitted 25 Vulnerabilities
January 8, 2025
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
December 6, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
November 22, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
November 20, 2024
Submitted XSS Vulnerability
Submitted XSS Vulnerability
November 20, 2024
Learn more Learn more about Achievements

Showing 1-20 of 46 Vulnerabilities

CC-IMG-Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-1559
Mar 12, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Point Maker <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-12815
Mar 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
BuddyHolis TableSearch <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE ID Unknown
Feb 27, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WOW Entrance Effects (WEE!) <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-1560
Feb 27, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
MK Google Directions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-12820
Feb 27, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Autoship Cloud for WooCommerce Subscription Products <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13461
Feb 20, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Maps for WP <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13648
Feb 20, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Wiki Tooltip <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13462
Feb 18, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Simplebooklet PDF Viewer and Embedder <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13588
Feb 17, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Threepress <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13395
Feb 17, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
SeatReg <= 1.56.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13463
Jan 30, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13397
Jan 30, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Frictionless <= 0.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13396
Jan 30, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Alex Reservations: Smart Restaurant Booking <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2024-13380
Jan 29, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Power Ups for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13548
Jan 24, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Etsy Importer <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-12817
Jan 24, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
NOTICE BOARD BY TOWKIR <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-12816
Jan 24, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13542
Jan 23, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13590
Jan 21, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
ViewMedica 9 <= 1.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-13394
Jan 14, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
CC-IMG-Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-1559 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 12, 2025
Point Maker <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-12815 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 4, 2025
BuddyHolis TableSearch <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 27, 2025
WOW Entrance Effects (WEE!) <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-1560 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 27, 2025
MK Google Directions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-12820 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 27, 2025
Autoship Cloud for WooCommerce Subscription Products <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13461 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 20, 2025
Maps for WP <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13648 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 20, 2025
WP Wiki Tooltip <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13462 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 18, 2025
Simplebooklet PDF Viewer and Embedder <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13588 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 17, 2025
Threepress <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13395 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 17, 2025
SeatReg <= 1.56.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13463 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2025
WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13397 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2025
Frictionless <= 0.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13396 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 30, 2025
Alex Reservations: Smart Restaurant Booking <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-13380 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 29, 2025
Power Ups for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13548 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 24, 2025
Etsy Importer <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-12817 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 24, 2025
NOTICE BOARD BY TOWKIR <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-12816 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 24, 2025
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13542 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 23, 2025
Ketchup Shortcodes <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13590 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 21, 2025
ViewMedica 9 <= 1.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-13394 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 14, 2025

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.