🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Daniel Krohmer

Daniel Krohmer

All Time Ranking

All Time Discoveries

Showing 21-40 of 51 Vulnerabilities

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS

7.5

CVE-2022-4166

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row

7.5

CVE-2022-4162

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET

7.5

CVE-2022-4152

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start

7.5

CVE-2022-4161

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id

7.5

CVE-2022-4160

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post

7.5

CVE-2022-4164

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[]

7.5

CVE-2022-4153

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id

7.5

CVE-2022-4155

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id

7.5

CVE-2022-4157

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields

8.1

CVE-2022-4158

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id

7.5

CVE-2022-4159

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id

6.6

CVE-2022-4154

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id

8.1

CVE-2022-4156

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id

7.5

CVE-2022-4151

Nov 29, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate

7.5

CVE-2022-4163

Nov 29, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Buddybadges <= 1.0.0 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-3925

Nov 17, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Comic Book Management System < 2.2.0 - Authenticated (Administrator+) SQL Injection

9.1

CVE-2022-3856

Nov 14, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection

7.2

CVE-2022-3848

Nov 7, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection

7.2

CVE-2022-3865

Nov 7, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection

7.2

CVE-2022-3849

Nov 7, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS	CVE-2022-4166	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row	CVE-2022-4162	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET	CVE-2022-4152	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start	CVE-2022-4161	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id	CVE-2022-4160	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post	CVE-2022-4164	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[]	CVE-2022-4153	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id	CVE-2022-4155	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id	CVE-2022-4157	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields	CVE-2022-4158	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id	CVE-2022-4159	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id	CVE-2022-4154	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id	CVE-2022-4156	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id	CVE-2022-4151	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	November 29, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate	CVE-2022-4163	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	November 29, 2022
Buddybadges <= 1.0.0 - Authenticated (Administrator+) SQL Injection	CVE-2022-3925	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 17, 2022
Comic Book Management System < 2.2.0 - Authenticated (Administrator+) SQL Injection	CVE-2022-3856	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	November 14, 2022
WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection	CVE-2022-3848	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 7, 2022
WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection	CVE-2022-3865	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 7, 2022
WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection	CVE-2022-3849	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 7, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation