🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Daniel Ruf

Daniel Ruf

All Time Ranking

130

All Time Discoveries

Showing 101-120 of 130 Vulnerabilities

WP Hide <= 0.0.2 - Missing Authorization to Settings Update

7.5

CVE-2022-3489

Oct 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Webmaster Tools Verification <= 1.2 - Missing Authorization to Arbitrary Plugin Deactivation

6.5

CVE-2022-3538

Oct 19, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

My wpdb <= 1.1.12 - Cross-Site Request Forgery to Arbitrary SQL Query Execution

8.8

CVE-2022-1578

Oct 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP-Polls <= 2.75.6 - IP Validation Bypass

6.5

CVE-2022-1581

Oct 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass

6.5

CVE-2022-4097

Nov 21, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

All-In-One Security <= 5.1.2 - Information Disclosure

5.3

CVE-2022-4346

Dec 9, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

FluentAuth <= 1.0.1 - IP Spoofing to Protection Mechanism Bypass

6.5

CVE-2022-4746

Dec 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

WP Limit Login Attempts <= 2.6.4 - IP Spoofing to Protection Mechanism Bypass

6.5

CVE-2022-4303

Dec 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Amazon Affiliate <= 3.12.2 - Reflected File Download

9.8

CVE-2022-4794

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header

5.3

CVE-2023-0816

Mar 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Form Block <= 1.0.1 - Cross-Site Request Forgery

4.3

CVE-2023-30616

Apr 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Protect WP Admin <= 3.8 - Unauthenticated Information Disclosure to Protection Bypass

5.3

CVE-2023-3139

Jun 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

User Access Manager <= 2.2.16 - IP Spoofing

5.3

CVE-2022-1601

Aug 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

User Activity Log <= 1.6.5 - Unauthenticated Data Export to Sensitive Information Disclosure

7.5

CVE-2023-4269

Aug 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WP Blogs' Planetarium <= 1.0 - Cross-Site Request Forgery to Settings Update

4.3

CVE-2023-6532

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CommentTweets <= 0.6 - Cross-Site Request Forgery to Settings Update

4.3

CVE-2023-6845

Dec 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Autotitle for WordPress <= 1.0.3 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

6.1

CVE-2023-6946

Jan 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Users <= 1.4 - Cross-Site Request Forgery to Settings Update

4.3

CVE-2023-6390

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Plugin Lister <= 2.1.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

6.1

CVE-2023-6503

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Social Bookmark Menu <= 1.2 - Cross-Site Request Forgery to Settings Update

4.3

CVE-2023-7074

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP Hide <= 0.0.2 - Missing Authorization to Settings Update	CVE-2022-3489	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	October 17, 2022
Webmaster Tools Verification <= 1.2 - Missing Authorization to Arbitrary Plugin Deactivation	CVE-2022-3538	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	October 19, 2022
My wpdb <= 1.1.12 - Cross-Site Request Forgery to Arbitrary SQL Query Execution	CVE-2022-1578	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 28, 2022
WP-Polls <= 2.75.6 - IP Validation Bypass	CVE-2022-1581	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	October 31, 2022
All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass	CVE-2022-4097	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	November 21, 2022
All-In-One Security <= 5.1.2 - Information Disclosure	CVE-2022-4346	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 9, 2022
FluentAuth <= 1.0.1 - IP Spoofing to Protection Mechanism Bypass	CVE-2022-4746	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	December 27, 2022
WP Limit Login Attempts <= 2.6.4 - IP Spoofing to Protection Mechanism Bypass	CVE-2022-4303	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	December 27, 2022
Amazon Affiliate <= 3.12.2 - Reflected File Download	CVE-2022-4794	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 4, 2023
Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header	CVE-2023-0816	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	March 6, 2023
Form Block <= 1.0.1 - Cross-Site Request Forgery	CVE-2023-30616	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 20, 2023
Protect WP Admin <= 3.8 - Unauthenticated Information Disclosure to Protection Bypass	CVE-2023-3139	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	June 12, 2023
User Access Manager <= 2.2.16 - IP Spoofing	CVE-2022-1601	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	August 4, 2023
User Activity Log <= 1.6.5 - Unauthenticated Data Export to Sensitive Information Disclosure	CVE-2023-4269	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 8, 2023
WP Blogs' Planetarium <= 1.0 - Cross-Site Request Forgery to Settings Update	CVE-2023-6532	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 13, 2023
CommentTweets <= 0.6 - Cross-Site Request Forgery to Settings Update	CVE-2023-6845	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 10, 2023
Autotitle for WordPress <= 1.0.3 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting	CVE-2023-6946	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 2, 2024
WordPress Users <= 1.4 - Cross-Site Request Forgery to Settings Update	CVE-2023-6390	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 3, 2024
WP Plugin Lister <= 2.1.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting	CVE-2023-6503	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 3, 2024
WP Social Bookmark Menu <= 1.2 - Cross-Site Request Forgery to Settings Update	CVE-2023-7074	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 3, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation