🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > cydave

cydave

All Time Ranking

All Time Discoveries

Showing 21-40 of 89 Vulnerabilities

WP Video Gallery <= 1.7.1 - SQL Injection

6.5

CVE-2022-0826

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

SEMA API <= 3.64 - SQL Injection

9.8

CVE-2022-0836

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5 Stars Rating Funnel <= 1.2.53 - Unauthenticated SQL Injection

9.8

CVE-2022-0657

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Documentor – Create Product Documentation <= 1.5.3 - Unauthenticated SQL Injection

9.8

CVE-2022-0773

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - Unauthenticated SQL Injection

9.8

CVE-2022-0769

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product Filter For WooCommerce Product <= 1.3.1 - Unauthenticated SQL Injection

7.5

CVE ID Unknown

Apr 14, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SiteSuperCharger <= 5.1.10 - Unauthenticated SQL Injection

9.8

CVE-2022-0771

Apr 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Personal Dictionary <= 1.3.3 - Unauthenticated SQL Injection

9.8

CVE-2022-1013

Apr 18, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ubigeo de Perú para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection

6.5

CVE-2022-0814

Apr 18, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Pricing Table Plugin <= 3.6 - Unauthenticated SQL Injection

9.8

CVE-2022-0867

Apr 25, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Nirweb support <= 2.7.9 - SQL Injection

9.8

CVE-2022-0781

May 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Contacts Manager <= 2.2.4 - Unauthenticated SQL Injection

9.8

CVE-2022-1014

May 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Fundraising Donation and Crowdfunding Platform <= 1.4.2 - Unauthenticated SQL Injection

9.8

CVE-2022-0788

May 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Bestbooks <= 2.6.3 - Unauthenticated SQL Injection

9.8

CVE-2022-0827

May 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

KiviCare – Clinic & Patient Management System (EHR) <= 2.3.8 - SQL Injection

9.8

CVE-2022-0786

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Simple Membership <= 4.1.0 - Reflected Cross-Site Scripting

6.1

CVE-2022-1724

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Events Made Easy <= 2.2.80 - SQL Injection

9.8

CVE-2022-1905

May 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion

5.4

CVE-2022-1953

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Active Products Tables for WooCommerce <= 1.0.4 - Reflected Cross-Site Scripting

6.1

CVE-2022-1916

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

core plugin for kitestudio themes <= 2.2.1 - Reflected Cross-Site Scripting

6.1

CVE-2022-1951

Jun 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP Video Gallery <= 1.7.1 - SQL Injection	CVE-2022-0826	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 13, 2022
SEMA API <= 3.64 - SQL Injection	CVE-2022-0836	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 13, 2022
5 Stars Rating Funnel <= 1.2.53 - Unauthenticated SQL Injection	CVE-2022-0657	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 13, 2022
Documentor – Create Product Documentation <= 1.5.3 - Unauthenticated SQL Injection	CVE-2022-0773	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 13, 2022
Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - Unauthenticated SQL Injection	CVE-2022-0769	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 13, 2022
Product Filter For WooCommerce Product <= 1.3.1 - Unauthenticated SQL Injection		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	April 14, 2022
SiteSuperCharger <= 5.1.10 - Unauthenticated SQL Injection	CVE-2022-0771	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 17, 2022
Personal Dictionary <= 1.3.3 - Unauthenticated SQL Injection	CVE-2022-1013	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 18, 2022
Ubigeo de Perú para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection	CVE-2022-0814	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 18, 2022
Pricing Table Plugin <= 3.6 - Unauthenticated SQL Injection	CVE-2022-0867	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 25, 2022
Nirweb support <= 2.7.9 - SQL Injection	CVE-2022-0781	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 2, 2022
WP Contacts Manager <= 2.2.4 - Unauthenticated SQL Injection	CVE-2022-1014	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 2, 2022
WP Fundraising Donation and Crowdfunding Platform <= 1.4.2 - Unauthenticated SQL Injection	CVE-2022-0788	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 11, 2022
Bestbooks <= 2.6.3 - Unauthenticated SQL Injection	CVE-2022-0827	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 17, 2022
KiviCare – Clinic & Patient Management System (EHR) <= 2.3.8 - SQL Injection	CVE-2022-0786	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 23, 2022
Simple Membership <= 4.1.0 - Reflected Cross-Site Scripting	CVE-2022-1724	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 23, 2022
Events Made Easy <= 2.2.80 - SQL Injection	CVE-2022-1905	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 27, 2022
Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion	CVE-2022-1953	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	June 1, 2022
Active Products Tables for WooCommerce <= 1.0.4 - Reflected Cross-Site Scripting	CVE-2022-1916	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 1, 2022
core plugin for kitestudio themes <= 2.2.1 - Reflected Cross-Site Scripting	CVE-2022-1951	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 2, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation