🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Abu Hurayra

Abu Hurayra

All Time Ranking

All Time Discoveries

About

I love code!!

Showing 1-20 of 37 Vulnerabilities

MF Gig Calendar <=1.2.1 - Authenticated(Contributor+) SQL Injection

8.8

CVE-2023-50842

Dec 21, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Admin and Site Enhancements (ASE) <= 5.7.1 - Password Protection Mode Security Feature Bypass

7.5

CVE-2023-46630

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Store Locator WordPress <= 1.4.14 - Authenticated(Administrator+) Directory Traversal to Arbitrary File Deletion

6.6

CVE-2023-50885

Dec 26, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

LA-Studio Element Kit for Elementor <= 1.3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget

6.4

CVE-2024-3005

May 1, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Radio Player <= 2.0.73 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29811

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Elementor Addon Elements <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29107

Mar 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Free Downloads WooCommerce <= 3.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-27969

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP SMS <= 6.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-25920

Feb 14, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Livemesh Addons for Elementor <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via animated_text_class

6.4

CVE-2024-25598

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Premium Addons for Elementor <= 4.10.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-24831

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

The Plus Addons for Elementor <= 5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-23511

Jan 30, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Constant Contact Forms by MailMunch <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-22137

Jan 10, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Mapster WP Maps <= 1.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-21744

Jan 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Laybuy Payment Extension for WooCommerce <= 5.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-21745

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP User Profile Avatar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-52118

Dec 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

If-So Dynamic Content Personalization <= 1.6.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-51492

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Zoho Forms <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-50891

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Crowdfunding <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-50859

Dec 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Advanced Page Visit Counter <= 8.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-50371

Dec 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Livemesh Addons for WPBakery Page Builder <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-50370

Dec 7, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
MF Gig Calendar <=1.2.1 - Authenticated(Contributor+) SQL Injection	CVE-2023-50842	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 21, 2023
Admin and Site Enhancements (ASE) <= 5.7.1 - Password Protection Mode Security Feature Bypass	CVE-2023-46630	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 25, 2023
Store Locator WordPress <= 1.4.14 - Authenticated(Administrator+) Directory Traversal to Arbitrary File Deletion	CVE-2023-50885	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	December 26, 2023
LA-Studio Element Kit for Elementor <= 1.3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget	CVE-2024-3005	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	May 1, 2024
Radio Player <= 2.0.73 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29811	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 25, 2024
Elementor Addon Elements <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29107	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 15, 2024
Free Downloads WooCommerce <= 3.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-27969	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 13, 2024
WP SMS <= 6.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-25920	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 14, 2024
Livemesh Addons for Elementor <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via animated_text_class	CVE-2024-25598	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 12, 2024
Premium Addons for Elementor <= 4.10.16 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-24831	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 2, 2024
The Plus Addons for Elementor <= 5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-23511	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 30, 2024
Constant Contact Forms by MailMunch <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-22137	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 10, 2024
Mapster WP Maps <= 1.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-21744	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2024
Laybuy Payment Extension for WooCommerce <= 5.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-21745	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 3, 2024
WP User Profile Avatar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-52118	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 28, 2023
If-So Dynamic Content Personalization <= 1.6.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-51492	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 27, 2023
Zoho Forms <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-50891	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 26, 2023
WP Crowdfunding <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-50859	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 22, 2023
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-50371	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 7, 2023
Livemesh Addons for WPBakery Page Builder <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-50370	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 7, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation