🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > cydave

cydave

All Time Ranking

All Time Discoveries

Showing 21-40 of 89 Vulnerabilities

Events Made Easy <= 2.2.80 - SQL Injection

9.8

CVE-2022-1905

May 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

KiviCare – Clinic & Patient Management System (EHR) <= 2.3.8 - SQL Injection

9.8

CVE-2022-0786

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Bestbooks <= 2.6.3 - Unauthenticated SQL Injection

9.8

CVE-2022-0827

May 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Fundraising Donation and Crowdfunding Platform <= 1.4.2 - Unauthenticated SQL Injection

9.8

CVE-2022-0788

May 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Nirweb support <= 2.7.9 - SQL Injection

9.8

CVE-2022-0781

May 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Contacts Manager <= 2.2.4 - Unauthenticated SQL Injection

9.8

CVE-2022-1014

May 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Pricing Table Plugin <= 3.6 - Unauthenticated SQL Injection

9.8

CVE-2022-0867

Apr 25, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Personal Dictionary <= 1.3.3 - Unauthenticated SQL Injection

9.8

CVE-2022-1013

Apr 18, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SiteSuperCharger <= 5.1.10 - Unauthenticated SQL Injection

9.8

CVE-2022-0771

Apr 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

BadgeOS <= 3.7.0 - Unauthenticated SQL Injection

9.8

CVE-2022-0817

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Documentor – Create Product Documentation <= 1.5.3 - Unauthenticated SQL Injection

9.8

CVE-2022-0773

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Daily Prayer Time < 2022.03.01 - Unauthenticated SQL Injection

9.8

CVE-2022-0785

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SEMA API <= 3.64 - SQL Injection

9.8

CVE-2022-0836

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5 Stars Rating Funnel <= 1.2.53 - Unauthenticated SQL Injection

9.8

CVE-2022-0657

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - Unauthenticated SQL Injection

9.8

CVE-2022-0769

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Master Elements <= 8.0 - Unauthenticated SQL injection

9.8

CVE-2022-0693

Apr 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Donations <= 1.8 - Unauthenticated SQL Injection

9.8

CVE-2022-0782

Mar 29, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Block and Stop Bad Bots <= 6.92 - SQL Injection

9.8

CVE-2022-0949

Mar 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title Experiments Free <= 9.0.0 - SQL Injection

9.8

CVE-2022-0784

Mar 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQL Injection

9.8

CVE-2022-0846

Mar 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Events Made Easy <= 2.2.80 - SQL Injection	CVE-2022-1905	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 27, 2022
KiviCare – Clinic & Patient Management System (EHR) <= 2.3.8 - SQL Injection	CVE-2022-0786	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 23, 2022
Bestbooks <= 2.6.3 - Unauthenticated SQL Injection	CVE-2022-0827	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 17, 2022
WP Fundraising Donation and Crowdfunding Platform <= 1.4.2 - Unauthenticated SQL Injection	CVE-2022-0788	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 11, 2022
Nirweb support <= 2.7.9 - SQL Injection	CVE-2022-0781	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 2, 2022
WP Contacts Manager <= 2.2.4 - Unauthenticated SQL Injection	CVE-2022-1014	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 2, 2022
Pricing Table Plugin <= 3.6 - Unauthenticated SQL Injection	CVE-2022-0867	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 25, 2022
Personal Dictionary <= 1.3.3 - Unauthenticated SQL Injection	CVE-2022-1013	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 18, 2022
SiteSuperCharger <= 5.1.10 - Unauthenticated SQL Injection	CVE-2022-0771	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 17, 2022
BadgeOS <= 3.7.0 - Unauthenticated SQL Injection	CVE-2022-0817	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 13, 2022
Documentor – Create Product Documentation <= 1.5.3 - Unauthenticated SQL Injection	CVE-2022-0773	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 13, 2022
Daily Prayer Time < 2022.03.01 - Unauthenticated SQL Injection	CVE-2022-0785	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 13, 2022
SEMA API <= 3.64 - SQL Injection	CVE-2022-0836	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 13, 2022
5 Stars Rating Funnel <= 1.2.53 - Unauthenticated SQL Injection	CVE-2022-0657	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 13, 2022
Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - Unauthenticated SQL Injection	CVE-2022-0769	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 13, 2022
Master Elements <= 8.0 - Unauthenticated SQL injection	CVE-2022-0693	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 11, 2022
Donations <= 1.8 - Unauthenticated SQL Injection	CVE-2022-0782	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 29, 2022
WP Block and Stop Bad Bots <= 6.92 - SQL Injection	CVE-2022-0949	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 16, 2022
Title Experiments Free <= 9.0.0 - SQL Injection	CVE-2022-0784	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 7, 2022
SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQL Injection	CVE-2022-0846	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 7, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation