🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Cronus

Cronus

150

All Time Ranking

All Time Discoveries

14 Vulnerabilities

Brozzme Scroll Top <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-34426

May 6, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Forty Four – 404 Plugin for WordPress <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-34423

May 6, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple Image Popup <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-4433

May 2, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Ultimate Under Construction <= 1.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-33943

Apr 30, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Slash Admin <= 3.8.1 - Cross-Site Request Forgery

6.1

CVE-2024-32958

Apr 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Backend Designer <= 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-32591

Apr 16, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

MWW Disclaimer Buttons <= 3.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-32428

Apr 12, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Easy Logo <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-32083

Apr 11, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Popup Like box – Page <= 3.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-31387

Apr 10, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Easy Login Styler – White Label Admin Login Page for WordPress <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-31344

Apr 5, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

DD Rating <= 1.7.1 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVE-2024-30554

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Social Author Bio <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2024-30545

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Special Box for Content <= 1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-31119

Mar 29, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Twitter Mega Fan Box Widget <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-30553

Mar 29, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Brozzme Scroll Top <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-34426	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	May 6, 2024
Forty Four – 404 Plugin for WordPress <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-34423	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	May 6, 2024
Simple Image Popup <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-4433	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	May 2, 2024
Ultimate Under Construction <= 1.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-33943	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 30, 2024
Slash Admin <= 3.8.1 - Cross-Site Request Forgery	CVE-2024-32958	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 23, 2024
Backend Designer <= 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-32591	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 16, 2024
MWW Disclaimer Buttons <= 3.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-32428	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 12, 2024
Easy Logo <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-32083	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 11, 2024
Popup Like box – Page <= 3.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-31387	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 10, 2024
Easy Login Styler – White Label Admin Login Page for WordPress <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-31344	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 5, 2024
DD Rating <= 1.7.1 - Authenticated (Author+) Stored Cross-Site Scripting	CVE-2024-30554	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 29, 2024
Social Author Bio <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2024-30545	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 29, 2024
Special Box for Content <= 1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-31119	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 29, 2024
WP Twitter Mega Fan Box Widget <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-30553	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 29, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation