Dhabaleshwar Das

19
All Time Ranking
146
All Time Discoveries

Showing 1-20 of 146 Vulnerabilities

Title CVE ID CVSS Vector Date
LA-Studio Element Kit for Elementor <= 1.3.6 - Missing Authorization CVE-2024-35725 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N June 6, 2024
Builder for WooCommerce reviews shortcodes – ReviewShort <= 1.01.5 - Missing Authorization CVE-2024-34763 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 16, 2024
weMail <= 1.14.2 - Missing Authorization to Notice Dismissal CVE-2024-34822 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 15, 2024
JCH Optimize <= 4.2.0 - Authenticated (Subscriber+) Directory Traversal CVE-2024-34808 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N May 13, 2024
Extend Themes <= (Multiple Versions) - Cross-Site Request Forgery CVE-2024-34810 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 13, 2024
Fast Custom Social Share by CodeBard <= 1.1.2 - Cross-Site Request Forgery CVE-2024-34807 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 13, 2024
EmpowerWP <= 1.0.21 - Cross-Site Request Forgery to Notice Dismissal CVE-2024-34809 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 13, 2024
WP SMS <= 6.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-34811 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 13, 2024
Serial Numbers for WooCommerce – License Manager <= 1.7.4 - Missing Authorization CVE-2024-35173 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 10, 2024
Flo Forms <= 1.0.42 - Missing Authorization CVE-2024-35174 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 10, 2024
Netgsm <= 2.9.16 - Missing Authorization CVE-2024-35672 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N May 10, 2024
Giveaways and Contests by RafflePress <= 1.12.4 - Missing Authorization CVE-2024-4745 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N May 10, 2024
ShortPixel Adaptive Images <= 3.8.3 - Authenticated (Admin+) Server-Side Request Forgery CVE-2024-35172 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N May 10, 2024
ShortPixel Adaptive Images <= 3.8.3 - Cross-Site Request Forgery CVE-2024-4689 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 9, 2024
SportsPress – Sports Club & League Manager <= 2.7.20 - Missing Authorization to Notice Dismissal CVE-2024-34824 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N May 9, 2024
MC Woocommerce Wishlist <= 1.7.2 - Missing Authorization CVE-2024-34819 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 9, 2024
If-So Dynamic Content Personalization <= 1.7.1 - Missing Authorization CVE-2024-34820 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 9, 2024
Easy Digital Downloads <= 3.2.11 - Unauthenticated Sensitive Information Exposure CVE-2024-32100 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N May 9, 2024
Contact List – Easy Business Directory, Staff Directory and Address Book Plugin <= 2.9.87 - Missing Authorization to Notice Dismissal CVE-2024-34821 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 9, 2024
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.6.4 - Missing Authorization via Several AJAX Action CVE-2024-34826 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N May 9, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation