🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Abdi Pranata

Abdi Pranata

All Time Ranking

250

All Time Discoveries

Showing 1-20 of 250 Vulnerabilities

Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload

10.0

CVE-2024-30533

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Honeypot for WP Comment <= 2.2.3 - Directory Traversal to Unauthenticated Arbitrary File Deletion

9.1

CVE-2024-1350

Feb 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Smart Forms <= 2.6.84 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

8.8

CVE-2023-49856

Dec 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WooODT Lite <= 2.4.6 - Missing Authorization to Arbitrary Options Update

8.8

CVE-2023-47179

Oct 31, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

PeproDev Ultimate Invoice <= 1.9.7 - Unauthenticated Sensitive Information Exposure via init_plugin

7.5

CVE-2024-25933

Feb 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

BookingPress <= 1.0.74 - Booking Price Manipulation via bookingpress_confirm_booking

7.5

CVE-2023-51405

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints

7.3

CVE-2023-32117

Jul 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

DirectoryPress <= 3.6.2 - Missing Authorization

7.3

CVE-2023-37967

Jul 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Better Search <= 3.3.0 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-29142

Mar 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2023-25444

Aug 17, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Cleanfix <= 5.6.2 - Missing Authorization via register

7.1

CVE-2023-48775

Nov 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

SVGator – Add Animated SVG Easily <= 1.2.4 - Cross-Site Request Forgery

7.1

CVE-2023-48766

Nov 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

LWS Tools <= 2.3.1 - Cross-Site Request Forgery

7.1

CVE-2023-27453

Mar 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Amelia <= 1.0.98 - Missing Authorization

6.5

CVE-2024-22298

Jan 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Piotnet Forms <= 1.0.25 - Missing Authorization via multiple AJAX actions

6.5

CVE-2023-51413

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Product Catalog Enquiry <= 5.0.2 - Missing Authorization

6.5

CVE-2023-50899

Nov 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Short URL <= 1.6.8 - Missing Authorization via multiple AJAX functions

6.5

CVE-2023-47225

Nov 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

WordPress CTA <= 1.5.8 - Missing Authorization via Multiple AJAX Actions

6.5

CVE-2023-46644

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Highcompress Image Compressor <= 5.0.0 - Missing Authorization via multiple AJAX actions

6.5

CVE-2023-40209

Aug 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Booster Elementor Addons <= 1.4.9 - Missing Authorization

6.5

CVE-2023-38480

Jul 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload	CVE-2024-30533	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 29, 2024
Honeypot for WP Comment <= 2.2.3 - Directory Traversal to Unauthenticated Arbitrary File Deletion	CVE-2024-1350	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	February 8, 2024
Smart Forms <= 2.6.84 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update	CVE-2023-49856	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 7, 2023
WooODT Lite <= 2.4.6 - Missing Authorization to Arbitrary Options Update	CVE-2023-47179	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 31, 2023
PeproDev Ultimate Invoice <= 1.9.7 - Unauthenticated Sensitive Information Exposure via init_plugin	CVE-2024-25933	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	February 20, 2024
BookingPress <= 1.0.74 - Booking Price Manipulation via bookingpress_confirm_booking	CVE-2023-51405	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	December 27, 2023
Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints	CVE-2023-32117	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	July 12, 2023
DirectoryPress <= 3.6.2 - Missing Authorization	CVE-2023-37967	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	July 12, 2023
Better Search <= 3.3.0 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-29142	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 18, 2024
JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2023-25444	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 17, 2023
WP Cleanfix <= 5.6.2 - Missing Authorization via register	CVE-2023-48775	7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N	November 28, 2023
SVGator – Add Animated SVG Easily <= 1.2.4 - Cross-Site Request Forgery	CVE-2023-48766	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L	November 28, 2023
LWS Tools <= 2.3.1 - Cross-Site Request Forgery	CVE-2023-27453	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H	March 2, 2023
Amelia <= 1.0.98 - Missing Authorization	CVE-2024-22298	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	January 17, 2024
Piotnet Forms <= 1.0.25 - Missing Authorization via multiple AJAX actions	CVE-2023-51413	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	December 27, 2023
Product Catalog Enquiry <= 5.0.2 - Missing Authorization	CVE-2023-50899	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	November 3, 2023
Short URL <= 1.6.8 - Missing Authorization via multiple AJAX functions	CVE-2023-47225	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L	November 3, 2023
WordPress CTA <= 1.5.8 - Missing Authorization via Multiple AJAX Actions	CVE-2023-46644	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	October 25, 2023
Highcompress Image Compressor <= 5.0.0 - Missing Authorization via multiple AJAX actions	CVE-2023-40209	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	August 11, 2023
Booster Elementor Addons <= 1.4.9 - Missing Authorization	CVE-2023-38480	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	July 24, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation