Wordfence Intelligence   >   Vulnerability Researchers   >   Abdi Pranata

Abdi Pranata

7
All Time Ranking
250
All Time Discoveries

Showing 221-240 of 250 Vulnerabilities

Enable Accessibility <= 1.4 - Cross-Site Request Forgery
4.3
CVE-2023-30484
Apr 13, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Missing Authorization via spbsmAjax
4.3
CVE-2023-29428
Apr 6, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Spreadshop Plugin <= 1.6.5 - Cross-Site Request Forgery
4.3
CVE-2023-29426
Apr 6, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Cross-Site Request Forgery via spbsmAjax
4.3
CVE ID Unknown
Apr 6, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page()
4.3
CVE-2023-28995
Mar 30, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Store Locator WordPress <= 1.4.9 - Authenticated (Editor+) Stored Cross-Site Scripting via 'category_name', 'description', 'description_2' parameters
4.4
CVE-2023-27618
Mar 20, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Klaviyo <= 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-25456
Mar 13, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
W4 Post List <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w4pl[no_items_text]'
6.4
CVE-2023-27413
Mar 8, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Clean Up <= 1.2.3 - Cross-Site Request Forgery via wp_clean_up_optimize
4.3
CVE-2023-25034
Mar 3, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
LWS Tools <= 2.3.1 - Cross-Site Request Forgery
7.1
CVE-2023-27453
Mar 2, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 <= 4.2.5 - Cross-Site Request Forgery
4.3
CVE-2023-26531
Feb 24, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WordPress Tooltips <= 8.2.5 - Multiple Cross-Site Request Forgery
4.3
CVE-2023-25985
Feb 23, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
TypeSquare Webfonts for ConoHa <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-25458
Feb 23, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 - Cross-Site Request Forgery via settings_page function
4.3
CVE-2023-25976
Feb 22, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Wp-Insert <= 2.5.0 Authenticated (Admin+) Stored Cross Site Scripting
4.4
CVE-2023-25461
Feb 15, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in saveconfig function
5.4
CVE-2023-25707
Feb 15, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetmplfile function
5.4
CVE-2023-25707
Feb 15, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in widgets_watch_data function
4.3
CVE-2023-25707
Feb 15, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in save_admin_widgets function
5.3
CVE-2023-25707
Feb 15, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_multitask_widgets function
4.3
CVE-2023-25707
Feb 15, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Title CVE ID CVSS Vector Date
Enable Accessibility <= 1.4 - Cross-Site Request Forgery CVE-2023-30484 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 13, 2023
Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Missing Authorization via spbsmAjax CVE-2023-29428 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N April 6, 2023
Spreadshop Plugin <= 1.6.5 - Cross-Site Request Forgery CVE-2023-29426 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 6, 2023
Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Cross-Site Request Forgery via spbsmAjax 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 6, 2023
Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page() CVE-2023-28995 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N March 30, 2023
Store Locator WordPress <= 1.4.9 - Authenticated (Editor+) Stored Cross-Site Scripting via 'category_name', 'description', 'description_2' parameters CVE-2023-27618 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 20, 2023
Klaviyo <= 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25456 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 13, 2023
W4 Post List <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w4pl[no_items_text]' CVE-2023-27413 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 8, 2023
WP Clean Up <= 1.2.3 - Cross-Site Request Forgery via wp_clean_up_optimize CVE-2023-25034 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N March 3, 2023
LWS Tools <= 2.3.1 - Cross-Site Request Forgery CVE-2023-27453 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H March 2, 2023
多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 <= 4.2.5 - Cross-Site Request Forgery CVE-2023-26531 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 24, 2023
WordPress Tooltips <= 8.2.5 - Multiple Cross-Site Request Forgery CVE-2023-25985 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 23, 2023
TypeSquare Webfonts for ConoHa <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-25458 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N February 23, 2023
Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 - Cross-Site Request Forgery via settings_page function CVE-2023-25976 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 22, 2023
Wp-Insert <= 2.5.0 Authenticated (Admin+) Stored Cross Site Scripting CVE-2023-25461 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in saveconfig function CVE-2023-25707 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetmplfile function CVE-2023-25707 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in widgets_watch_data function CVE-2023-25707 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in save_admin_widgets function CVE-2023-25707 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N February 15, 2023
VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_multitask_widgets function CVE-2023-25707 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 15, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation