🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Daniel Ruf

Daniel Ruf

All Time Ranking

130

All Time Discoveries

Showing 21-40 of 130 Vulnerabilities

YOP Poll <= 6.4.2 - IP Spoofing via X-Forwarded-For header

5.3

CVE-2022-1600

Jul 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

iQ Block Country <= 1.2.13 - Protection Bypass due to IP Spoofing

5.3

CVE-2022-1762

May 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

RSVP and Event Management <= 2.7.7 - Unauthenticated Sensitive Information Disclosure

5.3

CVE-2022-1054

Apr 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WPS Hide Login <= 1.9.0 - Hidden Login Page Location Disclosure

5.3

CVE-2021-24917

Oct 27, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Noo JobMonster <= 4.6.6 - Sensitive Information Disclosure via Directory Listing

5.3

CVE-2022-1166

Sep 11, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing

5.4

CVE-2022-2600

Aug 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Shortcut Macros <= 1.3 - Missing Authorization to Settings Update

5.4

CVE-2022-1956

Jun 16, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Files Download Delay <= 1.0.6 - Missing Authorization to Settings Reset

5.4

CVE-2022-1570

May 15, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Change WP Admin Login <= 1.0.9 - Missing Authorization Checks

5.4

CVE-2022-1589

May 9, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N

WP Total Hacks <= 4.7.2 - Authenticated (Subscriber+) Plugin Options Update to Cross-Site Scripting

5.5

CVE-2022-3096

Oct 10, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Flexi Quote Rotator <= 0.9.4 - Authenticated Stored Cross-Site Scripting

5.5

CVE ID Unknown

Jul 6, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Ultimate Noindex Nofollow Tool <= 1.1.2 - Cross-Site Request Forgery to Settings Update

6.1

CVE-2023-7196

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Marketing Twitter Bot <= 1.11 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting

6.1

CVE-2023-7197

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

aBitGone CommentSafe <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Request Forgery

6.1

CVE-2023-7174

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Voting Record <= 2.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting

6.1

CVE-2023-7083

Jan 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Plugin Lister <= 2.1.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

6.1

CVE-2023-6503

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Autotitle for WordPress <= 1.0.3 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

6.1

CVE-2023-6946

Jan 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Progressive License <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2022-2171

Jul 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Post Styling <= 1.3.0 - Cross-Site Request Forgery

6.1

CVE-2022-1845

May 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

MailPress <= 7.2.1 - Cross-Site Request Forgery

6.1

CVE-2022-1843

May 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
YOP Poll <= 6.4.2 - IP Spoofing via X-Forwarded-For header	CVE-2022-1600	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 11, 2022
iQ Block Country <= 1.2.13 - Protection Bypass due to IP Spoofing	CVE-2022-1762	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 17, 2022
RSVP and Event Management <= 2.7.7 - Unauthenticated Sensitive Information Disclosure	CVE-2022-1054	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	April 11, 2022
WPS Hide Login <= 1.9.0 - Hidden Login Page Location Disclosure	CVE-2021-24917	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 27, 2021
Noo JobMonster <= 4.6.6 - Sensitive Information Disclosure via Directory Listing	CVE-2022-1166	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 11, 2020
Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing	CVE-2022-2600	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	August 1, 2022
Shortcut Macros <= 1.3 - Missing Authorization to Settings Update	CVE-2022-1956	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	June 16, 2022
Files Download Delay <= 1.0.6 - Missing Authorization to Settings Reset	CVE-2022-1570	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	May 15, 2022
Change WP Admin Login <= 1.0.9 - Missing Authorization Checks	CVE-2022-1589	5.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N	May 9, 2022
WP Total Hacks <= 4.7.2 - Authenticated (Subscriber+) Plugin Options Update to Cross-Site Scripting	CVE-2022-3096	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 10, 2022
Flexi Quote Rotator <= 0.9.4 - Authenticated Stored Cross-Site Scripting		5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	July 6, 2022
Ultimate Noindex Nofollow Tool <= 1.1.2 - Cross-Site Request Forgery to Settings Update	CVE-2023-7196	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 23, 2024
Marketing Twitter Bot <= 1.11 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting	CVE-2023-7197	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 23, 2024
aBitGone CommentSafe <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Request Forgery	CVE-2023-7174	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 23, 2024
Voting Record <= 2.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting	CVE-2023-7083	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 10, 2024
WP Plugin Lister <= 2.1.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting	CVE-2023-6503	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 3, 2024
Autotitle for WordPress <= 1.0.3 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting	CVE-2023-6946	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 2, 2024
Progressive License <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2022-2171	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 7, 2022
WP Post Styling <= 1.3.0 - Cross-Site Request Forgery	CVE-2022-1845	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 31, 2022
MailPress <= 7.2.1 - Cross-Site Request Forgery	CVE-2022-1843	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 31, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation