🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Abdi Pranata

Abdi Pranata

All Time Ranking

266

All Time Discoveries

Showing 221-240 of 266 Vulnerabilities

VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetmplfile function

5.4

CVE-2023-25707

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslation function

5.4

CVE-2023-25707

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslationstay function

5.4

CVE-2023-25707

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Robots.txt optimization <= 1.4.5 - Cross Site Request Forgery

5.4

CVE-2023-25706

Feb 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Link Juice Keeper <= 2.0.2 - Authenticated(Admin+) Stored Cross-Site Scripting

5.5

CVE-2023-25793

Feb 10, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Media Category Management <= 2.2 - Reflected Cross-Site Scripting

6.1

CVE-2024-32950

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AWeber <= 7.3.9 - Missing Authorization via AJAX actions

6.3

CVE-2023-47757

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Kingkong Board <= 2.1.0.2 - Missing Authorization

6.3

CVE-2023-36694

Jul 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Easy Contact Form Lite <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-32147

Apr 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2024-29763

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Catalogue <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-48780

Nov 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Google Calendar Events <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-49151

Nov 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WooCommerce Product Carousel Slider <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-47755

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

ANAC XML Bandi di Gara <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-47242

Nov 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CBX Map for Google Map & OpenStreetMap <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-47240

Nov 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

ShortCodes UI <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-47231

Nov 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Linker <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-47177

Oct 31, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Minimum Purchase for WooCommerce <= 2.0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-30492

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Notice Bar <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-41847

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Goods Catalog <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-41687

Sep 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetmplfile function	CVE-2023-25707	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslation function	CVE-2023-25707	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslationstay function	CVE-2023-25707	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 15, 2023
Robots.txt optimization <= 1.4.5 - Cross Site Request Forgery	CVE-2023-25706	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	February 14, 2023
Link Juice Keeper <= 2.0.2 - Authenticated(Admin+) Stored Cross-Site Scripting	CVE-2023-25793	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	February 10, 2023
WP Media Category Management <= 2.2 - Reflected Cross-Site Scripting	CVE-2024-32950	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 22, 2024
AWeber <= 7.3.9 - Missing Authorization via AJAX actions	CVE-2023-47757	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	November 13, 2023
Kingkong Board <= 2.1.0.2 - Missing Authorization	CVE-2023-36694	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	July 4, 2023
Easy Contact Form Lite <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-32147	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 12, 2024
WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2024-29763	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
WP Catalogue <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-48780	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 28, 2023
Google Calendar Events <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-49151	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 28, 2023
WooCommerce Product Carousel Slider <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-47755	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 13, 2023
ANAC XML Bandi di Gara <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-47242	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 7, 2023
CBX Map for Google Map & OpenStreetMap <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-47240	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 7, 2023
ShortCodes UI <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-47231	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 3, 2023
Linker <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-47177	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 31, 2023
Minimum Purchase for WooCommerce <= 2.0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-30492	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 16, 2023
Notice Bar <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-41847	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Goods Catalog <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-41687	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 4, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation