🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > cydave

cydave

All Time Ranking

All Time Discoveries

Showing 41-60 of 89 Vulnerabilities

6.1

CVE-2022-1906

Jul 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CDI – Collect and Deliver Interface for Woocommerce <= 5.1.9 - Multiple Cross-Site Scripting

6.1

CVE-2022-1933

Jun 21, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Shortcodes and extra features for Phlox theme <= 2.9.7 - Reflected Cross-Site-Scripting

5.4

CVE-2022-1910

Jun 20, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Awin Data Feed <= 1.7 - Reflected Cross-Site Scripting

6.1

CVE-2022-1937

Jun 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Awin Data Feed <= 1.7 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-1938

Jun 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload

8.8

CVE-2022-1952

Jun 13, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Gallery – Image and Video Gallery with Thumbnails <= 1.9.9 - Reflected Cross-Site Scripting

6.1

CVE-2022-1946

Jun 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 3.4.7 -Authentication Bypass via Password Reset Weakness

9.8

CVE-2022-1903

Jun 6, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Easy Pricing Tables <= 3.2.0 - Reflected Cross-Site Scripting

6.1

CVE-2022-1904

Jun 3, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

core plugin for kitestudio themes <= 2.2.1 - Reflected Cross-Site Scripting

6.1

CVE-2022-1951

Jun 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion

5.4

CVE-2022-1953

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Active Products Tables for WooCommerce <= 1.0.4 - Reflected Cross-Site Scripting

6.1

CVE-2022-1916

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Events Made Easy <= 2.2.80 - SQL Injection

9.8

CVE-2022-1905

May 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

KiviCare – Clinic & Patient Management System (EHR) <= 2.3.8 - SQL Injection

9.8

CVE-2022-0786

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Simple Membership <= 4.1.0 - Reflected Cross-Site Scripting

6.1

CVE-2022-1724

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Bestbooks <= 2.6.3 - Unauthenticated SQL Injection

9.8

CVE-2022-0827

May 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Fundraising Donation and Crowdfunding Platform <= 1.4.2 - Unauthenticated SQL Injection

9.8

CVE-2022-0788

May 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Contacts Manager <= 2.2.4 - Unauthenticated SQL Injection

9.8

CVE-2022-1014

May 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Nirweb support <= 2.7.9 - SQL Injection

9.8

CVE-2022-0781

May 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Pricing Table Plugin <= 3.6 - Unauthenticated SQL Injection

9.8

CVE-2022-0867

Apr 25, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Copyright Proof <= 4.16 - Reflected Cross-Site Scripting	CVE-2022-1906	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 7, 2022
CDI – Collect and Deliver Interface for Woocommerce <= 5.1.9 - Multiple Cross-Site Scripting	CVE-2022-1933	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 21, 2022
Shortcodes and extra features for Phlox theme <= 2.9.7 - Reflected Cross-Site-Scripting	CVE-2022-1910	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	June 20, 2022
Awin Data Feed <= 1.7 - Reflected Cross-Site Scripting	CVE-2022-1937	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 16, 2022
Awin Data Feed <= 1.7 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-1938	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 16, 2022
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload	CVE-2022-1952	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 13, 2022
Gallery – Image and Video Gallery with Thumbnails <= 1.9.9 - Reflected Cross-Site Scripting	CVE-2022-1946	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 13, 2022
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 3.4.7 -Authentication Bypass via Password Reset Weakness	CVE-2022-1903	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 6, 2022
Easy Pricing Tables <= 3.2.0 - Reflected Cross-Site Scripting	CVE-2022-1904	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 3, 2022
core plugin for kitestudio themes <= 2.2.1 - Reflected Cross-Site Scripting	CVE-2022-1951	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 2, 2022
Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion	CVE-2022-1953	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	June 1, 2022
Active Products Tables for WooCommerce <= 1.0.4 - Reflected Cross-Site Scripting	CVE-2022-1916	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 1, 2022
Events Made Easy <= 2.2.80 - SQL Injection	CVE-2022-1905	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 27, 2022
KiviCare – Clinic & Patient Management System (EHR) <= 2.3.8 - SQL Injection	CVE-2022-0786	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 23, 2022
Simple Membership <= 4.1.0 - Reflected Cross-Site Scripting	CVE-2022-1724	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 23, 2022
Bestbooks <= 2.6.3 - Unauthenticated SQL Injection	CVE-2022-0827	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 17, 2022
WP Fundraising Donation and Crowdfunding Platform <= 1.4.2 - Unauthenticated SQL Injection	CVE-2022-0788	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 11, 2022
WP Contacts Manager <= 2.2.4 - Unauthenticated SQL Injection	CVE-2022-1014	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 2, 2022
Nirweb support <= 2.7.9 - SQL Injection	CVE-2022-0781	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 2, 2022
Pricing Table Plugin <= 3.6 - Unauthenticated SQL Injection	CVE-2022-0867	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 25, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation