🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Daniel Ruf

Daniel Ruf

All Time Ranking

130

All Time Discoveries

Showing 1-20 of 130 Vulnerabilities

Amazon Affiliate <= 3.12.2 - Reflected File Download

9.8

CVE-2022-4794

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download

9.8

CVE-2022-1585

Jul 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

HTML2WP <= 1.0.0 - Arbitrary File Upload

9.8

CVE-2022-1574

Jun 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

FloLaunch <= 2.4 - Missing Authorization

9.8

CVE-2022-0541

Mar 29, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Site Offline or Coming Soon <= 1.6.6 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting

9.6

CVE-2022-1593

Jun 6, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

New User Approve <= 2.4 - Cross-Site Request Forgery

9.6

CVE-2022-1625

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Add Post URL <= 2.1.0 - Cross-Site Request Forgery

9.6

CVE-2022-1913

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

OpenBook Book Data <= 3.5.2 - Cross-Site Request Forgery

9.6

CVE-2022-1842

May 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

One Click Plugin Updater <= 2.4.14 - Cross-Site Request Forgery to Settings Update

9.6

CVE-2022-1791

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

LaTeX <= 3.4.10 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

9.6

CVE-2022-1780

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

postTabs <= 2.10.6 - Cross-Site Request Forgery

9.6

CVE-2022-1781

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Sideblog WordPress Plugin <= 6.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

9.6

CVE-2022-1787

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

RB Internal Links <= 2.0.16 - Cross-Site Request Forgery to Settings update and Cross-Site Scripting

9.6

CVE-2022-1759

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

WP-chgFontSize <= 1.8 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

9.6

CVE-2022-1764

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

HC Custom WP-Admin URL <= 1.4 - Cross-Site Request Forgery

9.6

CVE-2022-1594

May 18, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Hot Linked Image Cacher <= 1.16 - Cross-Site Request Forgery

9.6

CVE-2022-1765

May 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Blackhole for Bad Bots <= 3.3.1 - Arbitrary IP Address Blocking via IP Spoofing

9.1

CVE-2022-1165

Jan 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

My wpdb <= 1.1.12 - Cross-Site Request Forgery to Arbitrary SQL Query Execution

8.8

CVE-2022-1578

Oct 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Plugin LBstopattack <= 1.1.2 - Cross-Site Request Forgery

8.8

CVE-2022-3097

Sep 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8

CVE-2022-3098

Sep 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Amazon Affiliate <= 3.12.2 - Reflected File Download	CVE-2022-4794	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 4, 2023
Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download	CVE-2022-1585	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 11, 2022
HTML2WP <= 1.0.0 - Arbitrary File Upload	CVE-2022-1574	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 2, 2022
FloLaunch <= 2.4 - Missing Authorization	CVE-2022-0541	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 29, 2022
Site Offline or Coming Soon <= 1.6.6 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting	CVE-2022-1593	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	June 6, 2022
New User Approve <= 2.4 - Cross-Site Request Forgery	CVE-2022-1625	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	June 1, 2022
Add Post URL <= 2.1.0 - Cross-Site Request Forgery	CVE-2022-1913	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	June 1, 2022
OpenBook Book Data <= 3.5.2 - Cross-Site Request Forgery	CVE-2022-1842	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	May 31, 2022
One Click Plugin Updater <= 2.4.14 - Cross-Site Request Forgery to Settings Update	CVE-2022-1791	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	May 23, 2022
LaTeX <= 3.4.10 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting	CVE-2022-1780	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	May 23, 2022
postTabs <= 2.10.6 - Cross-Site Request Forgery	CVE-2022-1781	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	May 23, 2022
Sideblog WordPress Plugin <= 6.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting	CVE-2022-1787	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	May 23, 2022
RB Internal Links <= 2.0.16 - Cross-Site Request Forgery to Settings update and Cross-Site Scripting	CVE-2022-1759	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	May 23, 2022
WP-chgFontSize <= 1.8 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting	CVE-2022-1764	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	May 23, 2022
HC Custom WP-Admin URL <= 1.4 - Cross-Site Request Forgery	CVE-2022-1594	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	May 18, 2022
Hot Linked Image Cacher <= 1.16 - Cross-Site Request Forgery	CVE-2022-1765	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	May 17, 2022
Blackhole for Bad Bots <= 3.3.1 - Arbitrary IP Address Blocking via IP Spoofing	CVE-2022-1165	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	January 31, 2022
My wpdb <= 1.1.12 - Cross-Site Request Forgery to Arbitrary SQL Query Execution	CVE-2022-1578	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 28, 2022
Plugin LBstopattack <= 1.1.2 - Cross-Site Request Forgery	CVE-2022-3097	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 30, 2022
Login Block IPs <= 1.0.0 - Cross-Site Request Forgery to Plugin Settings Update	CVE-2022-3098	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 5, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation