🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > cydave

cydave

All Time Ranking

All Time Discoveries

Showing 41-60 of 89 Vulnerabilities

Infographic Maker – iList <= 4.3.7 - SQL Injection

9.8

CVE-2022-0747

Feb 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Simple Link Directory <= 7.7.1 - Unauthenticated SQL Injection

9.8

CVE-2022-0760

Feb 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Advanced Booking Calendar <= 1.6.9 - Unauthenticated SQL Injection

9.8

CVE-2022-0694

Feb 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

BookingPress < 1.0.11 - SQL Injection

9.8

CVE-2022-0739

Feb 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CommonsBooking < 2.6.8 - Unauthenticated SQL Injection

9.8

CVE-2022-0658

Feb 21, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Images Optimize and Upload CF7 <= 2.1.4 - Missing Authorization to Arbitrary File Deletion

9.1

CVE-2022-4101

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload

8.8

CVE-2022-4047

Nov 25, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2022-3912

Nov 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Directorist <= 7.4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

8.8

CVE-2022-3930

Nov 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

BadgeOS <= 3.7.1.2 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-2958

Aug 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload

8.8

CVE-2022-1952

Jun 13, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Wholesale Market <= 2.2.0 - Information Disclosure via Unauthenticated Arbitrary File Download

7.5

CVE-2022-4298

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Product Filter For WooCommerce Product <= 1.3.1 - Unauthenticated SQL Injection

7.5

CVE ID Unknown

Apr 14, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Narnoo Distributor <= 2.5.1 - Path Traversal

7.5

CVE-2022-0679

Mar 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Web To Print Shop : uDraw <= 3.3.3 - Unauthenticated Arbitrary File Access

7.4

CVE-2022-0656

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Pardakht Delkhah <= 2.9.2 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-4307

Dec 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP AutoComplete Search <= 1.0.4 - Unauthenticated SQL Injection

7.2

CVE-2022-4297

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Awin Data Feed <= 1.7 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-1938

Jun 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

SearchIQ – The Search Solution <= 3.8 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-0780

Apr 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WooCommerce Affiliate Plugin - Coupon Affiliates < 4.16.4.5 - Stored Cross-Site Scripting

7.2

CVE-2022-0818

Mar 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Infographic Maker – iList <= 4.3.7 - SQL Injection	CVE-2022-0747	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 28, 2022
Simple Link Directory <= 7.7.1 - Unauthenticated SQL Injection	CVE-2022-0760	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 28, 2022
Advanced Booking Calendar <= 1.6.9 - Unauthenticated SQL Injection	CVE-2022-0694	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 28, 2022
BookingPress < 1.0.11 - SQL Injection	CVE-2022-0739	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 28, 2022
CommonsBooking < 2.6.8 - Unauthenticated SQL Injection	CVE-2022-0658	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 21, 2022
Images Optimize and Upload CF7 <= 2.1.4 - Missing Authorization to Arbitrary File Deletion	CVE-2022-4101	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	December 21, 2022
Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload	CVE-2022-4047	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 25, 2022
User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2022-3912	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 21, 2022
Directorist <= 7.4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change	CVE-2022-3930	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 21, 2022
BadgeOS <= 3.7.1.2 - Authenticated (Subscriber+) SQL Injection	CVE-2022-2958	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 23, 2022
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload	CVE-2022-1952	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 13, 2022
Wholesale Market <= 2.2.0 - Information Disclosure via Unauthenticated Arbitrary File Download	CVE-2022-4298	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	December 12, 2022
Product Filter For WooCommerce Product <= 1.3.1 - Unauthenticated SQL Injection		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	April 14, 2022
Narnoo Distributor <= 2.5.1 - Path Traversal	CVE-2022-0679	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	March 1, 2022
Web To Print Shop : uDraw <= 3.3.3 - Unauthenticated Arbitrary File Access	CVE-2022-0656	7.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N	April 13, 2022
Pardakht Delkhah <= 2.9.2 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-4307	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	December 27, 2022
WP AutoComplete Search <= 1.0.4 - Unauthenticated SQL Injection	CVE-2022-4297	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 12, 2022
Awin Data Feed <= 1.7 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-1938	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 16, 2022
SearchIQ – The Search Solution <= 3.8 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-0780	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 11, 2022
WooCommerce Affiliate Plugin - Coupon Affiliates < 4.16.4.5 - Stored Cross-Site Scripting	CVE-2022-0818	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 2, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation