I am an Application Security Engineer at WPDeveloper, specializing in the WordPress ecosystem and SaaS solutions. Outside of work, I delve into Security Research, engage in Problem Solving, participate in CTF challenges, and actively contribute to Bug Bounty programs. Passionate about enhancing digital security landscapes.
|Forms by CaptainForm <= 2.5.3 - Reflected Cross-Site Scripting via REQUEST_URI||CVE-2023-49170||CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N||November 29, 2023|
|BrainCert – HTML5 Virtual Classroom <= 1.30 - Reflected Cross-Site Scripting||CVE-2023-49172||CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N||November 29, 2023|
|MyTube PlayList <= 2.0.3 - Reflected Cross-Site Scripting via addplaylistid||CVE-2023-48767||CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N||November 28, 2023|
|myCred <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting||CVE-2023-47853||CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N||November 20, 2023|
|Community by PeepSo <= 18.104.22.168 - Authenticated (Contributor+) Stored Cross-Site Scripting||CVE-2023-47850||CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N||November 20, 2023|
|WP Crowdfunding <= 2.1.6 - Reflected Cross-Site Scripting via postid||CVE-2023-47532||CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N||November 7, 2023|
|Pre-Orders for WooCommerce <= 1.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting||CVE-2023-46783||CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N||October 26, 2023|
|Admin and Site Enhancements (ASE) <= 5.7.1 - Password Protection Mode Security Feature Bypass||CVE-2023-46630||CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N||October 25, 2023|
|ShopConstruct – Product Catalog, Shopping Cart and eCommerce solution for Store <= 1.1.2 - Reflected Cross-Site Scripting via multiple parameters||CVE-2023-34011||CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N||July 17, 2023|
|Poll Maker <= 4.6.2 - Authenticated (Admin+) Server-Side Request Forgery||CVE-2023-34013||CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L||June 26, 2023|
Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!Learn more
Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.
The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.Documentation