🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Daniel Ruf

Daniel Ruf

All Time Ranking

130

All Time Discoveries

Showing 81-100 of 130 Vulnerabilities

Rename wp-login.php <= 2.6.0 - Cross-Site Request Forgery & Unauthenticated Settings Change

6.5

CVE-2022-1732

Jun 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

WP-EMail <= 2.68.2 - Spam Protection Bypass

6.5

CVE-2022-1614

May 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

HC Custom WP-Admin URL <= 1.4 - Information Exposure

6.5

CVE-2022-1595

May 18, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

External Links in New Window / New Tab <= 1.42 - Tabnabbing

6.5

CVE-2022-1583

May 9, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

RSFirewall! <= 1.1.24 - IP Address Spoofing

6.5

CVE-2021-4226

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Voting Record <= 2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2023-7084

Jan 10, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

aBitGone CommentSafe <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Request Forgery

6.1

CVE-2023-7174

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ultimate Noindex Nofollow Tool <= 1.1.2 - Cross-Site Request Forgery to Settings Update

6.1

CVE-2023-7196

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Marketing Twitter Bot <= 1.11 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting

6.1

CVE-2023-7197

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Voting Record <= 2.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting

6.1

CVE-2023-7083

Jan 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Plugin Lister <= 2.1.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

6.1

CVE-2023-6503

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Autotitle for WordPress <= 1.0.3 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting

6.1

CVE-2023-6946

Jan 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Progressive License <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2022-2171

Jul 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Post Styling <= 1.3.0 - Cross-Site Request Forgery

6.1

CVE-2022-1845

May 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

MailPress <= 7.2.1 - Cross-Site Request Forgery

6.1

CVE-2022-1843

May 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP-EMail <= 2.68.2 - Cross-Site Request Forgery to Log Deletion

6.1

CVE-2022-1630

May 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Wyzi - Social Directory WordPress Theme <= 2.4.2 - Reflected Cross-Site Scripting

6.1

CVE-2022-1164

Feb 6, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Careerfy < 3.9.0 - Cross-Site Scripting

6.1

CVE-2022-1169

Jun 3, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Noo JobMonster < 4.5.2.9 - Reflected Cross-Site Scripting

6.1

CVE-2022-1170

Oct 24, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Total Hacks <= 4.7.2 - Authenticated (Subscriber+) Plugin Options Update to Cross-Site Scripting

5.5

CVE-2022-3096

Oct 10, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Rename wp-login.php <= 2.6.0 - Cross-Site Request Forgery & Unauthenticated Settings Change	CVE-2022-1732	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	June 16, 2022
WP-EMail <= 2.68.2 - Spam Protection Bypass	CVE-2022-1614	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	May 30, 2022
HC Custom WP-Admin URL <= 1.4 - Information Exposure	CVE-2022-1595	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	May 18, 2022
External Links in New Window / New Tab <= 1.42 - Tabnabbing	CVE-2022-1583	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	May 9, 2022
RSFirewall! <= 1.1.24 - IP Address Spoofing	CVE-2021-4226	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 13, 2022
Voting Record <= 2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2023-7084	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 10, 2024
aBitGone CommentSafe <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Request Forgery	CVE-2023-7174	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 23, 2024
Ultimate Noindex Nofollow Tool <= 1.1.2 - Cross-Site Request Forgery to Settings Update	CVE-2023-7196	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 23, 2024
Marketing Twitter Bot <= 1.11 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting	CVE-2023-7197	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 23, 2024
Voting Record <= 2.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting	CVE-2023-7083	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 10, 2024
WP Plugin Lister <= 2.1.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting	CVE-2023-6503	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 3, 2024
Autotitle for WordPress <= 1.0.3 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting	CVE-2023-6946	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 2, 2024
Progressive License <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2022-2171	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 7, 2022
WP Post Styling <= 1.3.0 - Cross-Site Request Forgery	CVE-2022-1845	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 31, 2022
MailPress <= 7.2.1 - Cross-Site Request Forgery	CVE-2022-1843	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 31, 2022
WP-EMail <= 2.68.2 - Cross-Site Request Forgery to Log Deletion	CVE-2022-1630	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 30, 2022
Wyzi - Social Directory WordPress Theme <= 2.4.2 - Reflected Cross-Site Scripting	CVE-2022-1164	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 6, 2021
Careerfy < 3.9.0 - Cross-Site Scripting	CVE-2022-1169	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 3, 2020
Noo JobMonster < 4.5.2.9 - Reflected Cross-Site Scripting	CVE-2022-1170	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 24, 2019
WP Total Hacks <= 4.7.2 - Authenticated (Subscriber+) Plugin Options Update to Cross-Site Scripting	CVE-2022-3096	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 10, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation