🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Cat

Cat

All Time Ranking

All Time Discoveries

Showing 1-20 of 42 Vulnerabilities

Email Templates <= 1.4.2 - Cross-Site Request Forgery via send_test_email

4.3

CVE-2022-47181

Nov 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Portfolio and Projects <= 1.3.7 - Cross-Site Request Forgery via 'wpos_anylc_admin_init_process'

4.3

CVE-2023-39995

Aug 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

ARMember <= 4.0.5 - Cross-Site Request Forgery

4.3

CVE-2022-47424

Jul 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

SW Product Bundles <= 2.0.15 - Missing Authorization

4.3

CVE-2023-36519

Jun 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

NOO Timetable <= 2.1.3 - Cross-Site Request Forgery

4.3

CVE-2022-45828

Jun 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Post Hit Counter <= 1.3.2 - Missing Authorization

4.3

CVE-2023-36518

Jun 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Video Contest WordPress Plugin <= 3.2 - Cross-Site Request Forgery

4.3

CVE-2022-45823

May 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Woocommerce Product Designer <= 4.3.3 - Cross-Site Request Forgery

4.3

CVE-2022-46856

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

SiteAlert (Formerly WP Health) <= 1.9.7 - Cross-Site Request Forgery

4.3

CVE-2022-46857

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Gallery Metabox <= 1.5 - Cross-Site Request Forgery via gallery_remove

4.3

CVE-2022-47134

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP EasyPay <= 4.0.4 - Cross-Site Request Forgery

4.3

CVE-2022-47177

Apr 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3

CVE-2022-46846

Mar 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.0.13 - Cross-Site Request Forgery via send_email

4.3

CVE-2022-46812

Mar 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Stock Sync for WooCommerce <= 2.3.2 - Cross-Site Request Forgery

4.3

CVE ID Unknown

Mar 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Stock Sync for WooCommerce <= 2.3.2 - Missing Authorization

4.3

CVE-2022-46807

Mar 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Bulk Resize Media <= 1.1 - Cross-Site Request Forgery via bulk_resize_resize_image

4.3

CVE-2022-46865

Mar 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Import External Images <= 1.4 - Cross-Site Request Forgery via external_image_import_all_ajax

4.3

CVE-2022-46866

Mar 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Kopa Framework <= 1.3.5 - Cross-Site Request Forgery

4.3

CVE-2022-47180

Mar 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

FV Flowplayer Video Player <= 7.5.30.7210 - Cross-Site Request Forgery

4.3

CVE-2023-25066

Feb 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

ARMember <= 3.4.10 - Missing Access Control leading to Authenticated (Subscriber+) Sensitive Information Disclosure

4.3

CVE-2022-47425

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Email Templates <= 1.4.2 - Cross-Site Request Forgery via send_test_email	CVE-2022-47181	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 3, 2023
Portfolio and Projects <= 1.3.7 - Cross-Site Request Forgery via 'wpos_anylc_admin_init_process'	CVE-2023-39995	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	August 11, 2023
ARMember <= 4.0.5 - Cross-Site Request Forgery	CVE-2022-47424	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 10, 2023
SW Product Bundles <= 2.0.15 - Missing Authorization	CVE-2023-36519	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 27, 2023
NOO Timetable <= 2.1.3 - Cross-Site Request Forgery	CVE-2022-45828	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 27, 2023
Post Hit Counter <= 1.3.2 - Missing Authorization	CVE-2023-36518	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 27, 2023
Video Contest WordPress Plugin <= 3.2 - Cross-Site Request Forgery	CVE-2022-45823	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 25, 2023
Woocommerce Product Designer <= 4.3.3 - Cross-Site Request Forgery	CVE-2022-46856	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 19, 2023
SiteAlert (Formerly WP Health) <= 1.9.7 - Cross-Site Request Forgery	CVE-2022-46857	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 19, 2023
Gallery Metabox <= 1.5 - Cross-Site Request Forgery via gallery_remove	CVE-2022-47134	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 19, 2023
WP EasyPay <= 4.0.4 - Cross-Site Request Forgery	CVE-2022-47177	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 14, 2023
Trending/Popular Post Slider and Widget <= 1.5.7 - Cross-Site Request Forgery via wtpsw_post_view_count	CVE-2022-46846	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 30, 2023
Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.0.13 - Cross-Site Request Forgery via send_email	CVE-2022-46812	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 22, 2023
Stock Sync for WooCommerce <= 2.3.2 - Cross-Site Request Forgery		4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 22, 2023
Stock Sync for WooCommerce <= 2.3.2 - Missing Authorization	CVE-2022-46807	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	March 22, 2023
Bulk Resize Media <= 1.1 - Cross-Site Request Forgery via bulk_resize_resize_image	CVE-2022-46865	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 16, 2023
Import External Images <= 1.4 - Cross-Site Request Forgery via external_image_import_all_ajax	CVE-2022-46866	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 16, 2023
Kopa Framework <= 1.3.5 - Cross-Site Request Forgery	CVE-2022-47180	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 13, 2023
FV Flowplayer Video Player <= 7.5.30.7210 - Cross-Site Request Forgery	CVE-2023-25066	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 2, 2023
ARMember <= 3.4.10 - Missing Access Control leading to Authenticated (Subscriber+) Sensitive Information Disclosure	CVE-2022-47425	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	January 20, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation