🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Daniel Ruf

Daniel Ruf

All Time Ranking

130

All Time Discoveries

Showing 61-80 of 130 Vulnerabilities

OpenBook Book Data <= 3.5.2 - Cross-Site Request Forgery

9.6

CVE-2022-1842

May 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

MailPress <= 7.2.1 - Cross-Site Request Forgery

6.1

CVE-2022-1843

May 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Clean-Contact <= 1.6 - Cross-Site Request Forgery

8.8

CVE-2022-1914

May 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Add Post URL <= 2.1.0 - Cross-Site Request Forgery

9.6

CVE-2022-1913

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Cimy Header Image Rotator <= 6.1.1 - Cross-Site Request Forgery

8.8

CVE-2022-1885

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

New User Approve <= 2.4 - Cross-Site Request Forgery

9.6

CVE-2022-1625

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Social Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery to Settings Update

8.8

CVE-2022-1653

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

HTML2WP <= 1.0.0 - Cross-Site Request Forgery

8.8

CVE-2022-1573

Jun 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

HTML2WP <= 1.0.0 - Arbitrary File Deletion

8.8

CVE-2022-1572

Jun 2, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

HTML2WP <= 1.0.0 - Arbitrary File Upload

9.8

CVE-2022-1574

Jun 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MyCSS <= 1.1 - Cross-Site Request Forgery to Settings Update

8.8

CVE-2022-1960

Jun 6, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Site Offline or Coming Soon <= 1.6.6 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting

9.6

CVE-2022-1593

Jun 6, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

wp-championship <= 9.2 - Multiple Cross-Site Request Forgery Vulnerabilities

8.8

CVE-2022-1967

Jun 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

pagebar <= 2.65 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting

8.8

CVE-2022-1757

Jun 15, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Sharebar <= 1.4.1 - Cross-Site Request Forgery to Settings Update & Cross-Site Scripting

8.8

CVE-2022-1626

Jun 15, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Rename wp-login.php <= 2.6.0 - Cross-Site Request Forgery & Unauthenticated Settings Change

6.5

CVE-2022-1732

Jun 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Shortcut Macros <= 1.3 - Missing Authorization to Settings Update

5.4

CVE-2022-1956

Jun 16, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Comment License <= 1.3.0 - Cross-Site Request Forgery to Settings Update

8.8

CVE-2022-1957

Jun 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery to Post Status Update

4.3

CVE-2022-1599

Jun 20, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Maintenance Mode & Coming Soon <= 2.4.4 - Cross-Site Request Forgery

8.8

CVE-2022-1576

Jun 20, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
OpenBook Book Data <= 3.5.2 - Cross-Site Request Forgery	CVE-2022-1842	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	May 31, 2022
MailPress <= 7.2.1 - Cross-Site Request Forgery	CVE-2022-1843	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 31, 2022
Clean-Contact <= 1.6 - Cross-Site Request Forgery	CVE-2022-1914	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	May 31, 2022
Add Post URL <= 2.1.0 - Cross-Site Request Forgery	CVE-2022-1913	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	June 1, 2022
Cimy Header Image Rotator <= 6.1.1 - Cross-Site Request Forgery	CVE-2022-1885	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 1, 2022
New User Approve <= 2.4 - Cross-Site Request Forgery	CVE-2022-1625	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	June 1, 2022
Social Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery to Settings Update	CVE-2022-1653	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 1, 2022
HTML2WP <= 1.0.0 - Cross-Site Request Forgery	CVE-2022-1573	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 2, 2022
HTML2WP <= 1.0.0 - Arbitrary File Deletion	CVE-2022-1572	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 2, 2022
HTML2WP <= 1.0.0 - Arbitrary File Upload	CVE-2022-1574	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 2, 2022
MyCSS <= 1.1 - Cross-Site Request Forgery to Settings Update	CVE-2022-1960	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 6, 2022
Site Offline or Coming Soon <= 1.6.6 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting	CVE-2022-1593	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	June 6, 2022
wp-championship <= 9.2 - Multiple Cross-Site Request Forgery Vulnerabilities	CVE-2022-1967	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 7, 2022
pagebar <= 2.65 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting	CVE-2022-1757	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 15, 2022
Sharebar <= 1.4.1 - Cross-Site Request Forgery to Settings Update & Cross-Site Scripting	CVE-2022-1626	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 15, 2022
Rename wp-login.php <= 2.6.0 - Cross-Site Request Forgery & Unauthenticated Settings Change	CVE-2022-1732	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	June 16, 2022
Shortcut Macros <= 1.3 - Missing Authorization to Settings Update	CVE-2022-1956	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	June 16, 2022
Comment License <= 1.3.0 - Cross-Site Request Forgery to Settings Update	CVE-2022-1957	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 16, 2022
Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery to Post Status Update	CVE-2022-1599	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 20, 2022
WP Maintenance Mode & Coming Soon <= 2.4.4 - Cross-Site Request Forgery	CVE-2022-1576	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 20, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation