🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Abdi Pranata

Abdi Pranata

All Time Ranking

260

All Time Discoveries

Showing 241-260 of 260 Vulnerabilities

CM On Demand Search And Replace <= 1.3.0 - Cross-Site Request Forgery

4.3

CVE-2023-28749

May 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Page Numbers <= 0.5 - Cross-Site Request Forgery via wp_page_numbers_settings

4.3

CVE-2023-27623

Apr 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Ultimate Noindex Nofollow Tool II <= 1.3.3 - Cross-Site Request Forgery

4.3

CVE-2023-30474

Apr 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Enable Accessibility <= 1.4 - Cross-Site Request Forgery

4.3

CVE-2023-30484

Apr 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Missing Authorization via spbsmAjax

4.3

CVE-2023-29428

Apr 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Spreadshop Plugin <= 1.6.5 - Cross-Site Request Forgery

4.3

CVE-2023-29426

Apr 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Cross-Site Request Forgery via spbsmAjax

4.3

CVE ID Unknown

Apr 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page()

4.3

CVE-2023-28995

Mar 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Clean Up <= 1.2.3 - Cross-Site Request Forgery via wp_clean_up_optimize

4.3

CVE-2023-25034

Mar 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 <= 4.2.5 - Cross-Site Request Forgery

4.3

CVE-2023-26531

Feb 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WordPress Tooltips <= 8.2.5 - Multiple Cross-Site Request Forgery

4.3

CVE-2023-25985

Feb 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 - Cross-Site Request Forgery via settings_page function

4.3

CVE-2023-25976

Feb 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in widgets_watch_data function

4.3

CVE-2023-25707

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_multitask_widgets function

4.3

CVE-2023-25707

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_admin_widget function

4.3

CVE-2023-25707

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in admin_widgets_welcome function

4.3

CVE-2023-25707

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP VR <= 8.2.7 - Cross-Site Request Forgery

4.3

CVE-2023-25708

Feb 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Feed Them Social <= 4.2.0 - Cross-Site Request Forgery via review_nag_check

3.5

CVE-2024-24710

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Restaurant & Cafe Addon for Elementor <= 1.5.3 - Missing Authorization via multiple AJAX functions

3.1

CVE-2023-47826

Nov 16, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Like Button <= 1.7.0 - Missing Authorization via crublabFBLBAjax

3.1

CVE-2023-47820

Nov 15, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
CM On Demand Search And Replace <= 1.3.0 - Cross-Site Request Forgery	CVE-2023-28749	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 9, 2023
WP Page Numbers <= 0.5 - Cross-Site Request Forgery via wp_page_numbers_settings	CVE-2023-27623	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 24, 2023
Ultimate Noindex Nofollow Tool II <= 1.3.3 - Cross-Site Request Forgery	CVE-2023-30474	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 13, 2023
Enable Accessibility <= 1.4 - Cross-Site Request Forgery	CVE-2023-30484	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 13, 2023
Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Missing Authorization via spbsmAjax	CVE-2023-29428	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 6, 2023
Spreadshop Plugin <= 1.6.5 - Cross-Site Request Forgery	CVE-2023-29426	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 6, 2023
Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Cross-Site Request Forgery via spbsmAjax		4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 6, 2023
Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page()	CVE-2023-28995	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 30, 2023
WP Clean Up <= 1.2.3 - Cross-Site Request Forgery via wp_clean_up_optimize	CVE-2023-25034	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 3, 2023
多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 <= 4.2.5 - Cross-Site Request Forgery	CVE-2023-26531	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 24, 2023
WordPress Tooltips <= 8.2.5 - Multiple Cross-Site Request Forgery	CVE-2023-25985	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 23, 2023
Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 - Cross-Site Request Forgery via settings_page function	CVE-2023-25976	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 22, 2023
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in widgets_watch_data function	CVE-2023-25707	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_multitask_widgets function	CVE-2023-25707	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_admin_widget function	CVE-2023-25707	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in admin_widgets_welcome function	CVE-2023-25707	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 15, 2023
WP VR <= 8.2.7 - Cross-Site Request Forgery	CVE-2023-25708	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 14, 2023
Feed Them Social <= 4.2.0 - Cross-Site Request Forgery via review_nag_check	CVE-2024-24710	3.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N	January 31, 2024
Restaurant & Cafe Addon for Elementor <= 1.5.3 - Missing Authorization via multiple AJAX functions	CVE-2023-47826	3.1	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N	November 16, 2023
WP Like Button <= 1.7.0 - Missing Authorization via crublabFBLBAjax	CVE-2023-47820	3.1	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N	November 15, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation