🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Bob Matyas

Bob Matyas

All Time Ranking

All Time Discoveries

Showing 61-80 of 88 Vulnerabilities

Better Follow Button for Jetpack <= 8.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-7168

Jan 23, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

illi Link Party! <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Link Deletion

5.3

CVE-2023-7231

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

SVG Uploads Support <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

6.4

CVE-2023-7086

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

6.4

CVE-2023-7088

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

illi Link Party! <= 1.0 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-7228

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

GigPress <= 2.3.29 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-7233

Jan 19, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Wp-Adv-Quiz <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Title

4.4

CVE-2023-5956

Jan 3, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Easy SVG Allow <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

6.4

CVE-2023-7089

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Product Enquiry for WooCommerce <= 3.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-6626

Dec 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Review Slider <= 12.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-6456

Dec 26, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Crowdfunding <= 2.1.9 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-6163

Dec 22, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

BSK Forms Blacklist <= 3.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-5980

Nov 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Autocomplete Location field Contact Form 7 <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-5005

Nov 21, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-5874

Nov 13, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WooHoo Newspaper Magazine Theme <= 2.5.3 - Cross-Site Request Forgery to Settings Update

4.3

CVE-2023-4824

Oct 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Discord Invite <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-5181

Oct 16, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

CITS Support svg, webp Media and TTF,OTF File Upload <= 2.1.0 - Authenticated(Author+) Stored Cross-Site Scripting via SVG Upload

6.4

CVE-2023-5458

Oct 9, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

FTP Access <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

6.1

CVE-2023-3510

Aug 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Herd Effects <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-4022

Aug 21, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings

4.4

CVE-2023-4254

Aug 8, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Better Follow Button for Jetpack <= 8.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-7168	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 23, 2024
illi Link Party! <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Link Deletion	CVE-2023-7231	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 23, 2024
SVG Uploads Support <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG	CVE-2023-7086	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 23, 2024
Add SVG Support for Media Uploader \| inventivo <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG	CVE-2023-7088	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 23, 2024
illi Link Party! <= 1.0 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-7228	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 23, 2024
GigPress <= 2.3.29 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-7233	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 19, 2024
Wp-Adv-Quiz <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Title	CVE-2023-5956	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 3, 2024
Easy SVG Allow <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG	CVE-2023-7089	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 3, 2024
Product Enquiry for WooCommerce <= 3.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-6626	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 28, 2023
WP Review Slider <= 12.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-6456	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 26, 2023
WP Crowdfunding <= 2.1.9 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-6163	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 22, 2023
BSK Forms Blacklist <= 3.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-5980	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	November 28, 2023
Autocomplete Location field Contact Form 7 <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-5005	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	November 21, 2023
Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-5874	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	November 13, 2023
WooHoo Newspaper Magazine Theme <= 2.5.3 - Cross-Site Request Forgery to Settings Update	CVE-2023-4824	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 27, 2023
WP Discord Invite <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-5181	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	October 16, 2023
CITS Support svg, webp Media and TTF,OTF File Upload <= 2.1.0 - Authenticated(Author+) Stored Cross-Site Scripting via SVG Upload	CVE-2023-5458	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 9, 2023
FTP Access <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2023-3510	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 22, 2023
Herd Effects <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-4022	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 21, 2023
ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings	CVE-2023-4254	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 8, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation