🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Daniel Ruf

Daniel Ruf

All Time Ranking

130

All Time Discoveries

Showing 81-100 of 130 Vulnerabilities

Cache Images <= 3.2 - Cross-Site Request Forgery to Image Upload

8.8

CVE-2022-2091

Jun 20, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP Opt-in <= 1.4.1 - Cross-Site Request Forgery to Settings Update

8.8

CVE-2022-2123

Jun 20, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Insights from Google PageSpeed <= 4.0.6 - Multiple Cross-Site Request Forgery

8.8

CVE-2022-1672

Jun 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Flexi Quote Rotator <= 0.9.4 - Authenticated Stored Cross-Site Scripting

5.5

CVE ID Unknown

Jul 6, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Flexi Quote Rotator <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2022-2328

Jul 6, 2022

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Progressive License <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2022-2171

Jul 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download

9.8

CVE-2022-1585

Jul 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

YOP Poll <= 6.4.2 - IP Spoofing via X-Forwarded-For header

5.3

CVE-2022-1600

Jul 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing

5.4

CVE-2022-2600

Aug 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

LinkWorth plugin <= 3.3.3 - Cross-Site Request Forgery to Plugin Setting Update

8.8

CVE-2022-2172

Aug 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Stop Spam Comments <= 0.2.1.2 - Protection Mechanism Bypass

5.3

CVE-2022-1663

Aug 8, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.3

CVE-2022-2913

Aug 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Titan Anti Spam & Security <= 7.3.0 - IP Spoofing to Protection Bypass

5.3

CVE-2022-2877

Aug 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WordPress Ping Optimizer <= 2.35.1.2.3 - Cross-Site Request Forgery

4.3

CVE-2022-1591

Aug 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Site Offline <= 1.4.9 - Maintenance Mode Bypass

5.3

CVE-2022-1580

Aug 29, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Restricted Site Access <= 7.3.1 - Access Bypass via IP Spoofing

6.5

CVE-2022-1613

Aug 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

8.8

CVE-2022-3098

Sep 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

5.3

CVE-2022-1579

Sep 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Plugin LBstopattack <= 1.1.2 - Cross-Site Request Forgery

8.8

CVE-2022-3097

Sep 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP Total Hacks <= 4.7.2 - Authenticated (Subscriber+) Plugin Options Update to Cross-Site Scripting

5.5

CVE-2022-3096

Oct 10, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Cache Images <= 3.2 - Cross-Site Request Forgery to Image Upload	CVE-2022-2091	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 20, 2022
WP Opt-in <= 1.4.1 - Cross-Site Request Forgery to Settings Update	CVE-2022-2123	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 20, 2022
Insights from Google PageSpeed <= 4.0.6 - Multiple Cross-Site Request Forgery	CVE-2022-1672	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 27, 2022
Flexi Quote Rotator <= 0.9.4 - Authenticated Stored Cross-Site Scripting		5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	July 6, 2022
Flexi Quote Rotator <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-2328	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	July 6, 2022
Progressive License <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2022-2171	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 7, 2022
Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download	CVE-2022-1585	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 11, 2022
YOP Poll <= 6.4.2 - IP Spoofing via X-Forwarded-For header	CVE-2022-1600	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 11, 2022
Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing	CVE-2022-2600	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	August 1, 2022
LinkWorth plugin <= 3.3.3 - Cross-Site Request Forgery to Plugin Setting Update	CVE-2022-2172	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 1, 2022
Stop Spam Comments <= 0.2.1.2 - Protection Mechanism Bypass	CVE-2022-1663	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	August 8, 2022
Login No Captcha reCAPTCHA <= 1.6.11 - CAPTCHA Bypass via Whitelisted IP Address Spoofing	CVE-2022-2913	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	August 16, 2022
Titan Anti Spam & Security <= 7.3.0 - IP Spoofing to Protection Bypass	CVE-2022-2877	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	August 17, 2022
WordPress Ping Optimizer <= 2.35.1.2.3 - Cross-Site Request Forgery	CVE-2022-1591	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	August 23, 2022
Site Offline <= 1.4.9 - Maintenance Mode Bypass	CVE-2022-1580	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	August 29, 2022
Restricted Site Access <= 7.3.1 - Access Bypass via IP Spoofing	CVE-2022-1613	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	August 31, 2022
Login Block IPs <= 1.0.0 - Cross-Site Request Forgery to Plugin Settings Update	CVE-2022-3098	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 5, 2022
Login Block IPs <= 1.0.0 - IP Spoofing to Protection Mechanism Bypass	CVE-2022-1579	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 5, 2022
Plugin LBstopattack <= 1.1.2 - Cross-Site Request Forgery	CVE-2022-3097	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 30, 2022
WP Total Hacks <= 4.7.2 - Authenticated (Subscriber+) Plugin Options Update to Cross-Site Scripting	CVE-2022-3096	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 10, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation