🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Dhabaleshwar Das

Dhabaleshwar Das

All Time Ranking

119

All Time Discoveries

Showing 61-80 of 119 Vulnerabilities

USPS Shipping for WooCommerce – Live Rates <= 1.9.2 - Cross-Site Request Forgery

5.4

CVE-2024-31943

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

4.3

CVE-2024-30546

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Newsletter <= 8.0.6 - Cross-Site Request Forgery

4.3

CVE-2024-31434

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

NewsXpress <= 1.0.7 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31938

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3

CVE-2024-31383

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Product Input Fields for WooCommerce <= 1.7.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31431

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Sarada Lite <= 1.1.2 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31429

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Spa and Salon <= 1.2.7 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31384

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The Conference <= 1.2.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31428

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The Events Calendar <= 6.3.0 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31433

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Ultimate Product Catalogue <= 5.2.15 - Cross-Site Request Forgery via reset_settings()

4.3

CVE-2024-31921

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Import any XML or CSV File to WordPress <= 3.7.3 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31939

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WordPress Hosting Benchmark tool <= 1.3.6 - Cross-Site Request Forgery via execute_plugin()

4.3

CVE-2024-31922

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

TWIPLA (Visitor Analytics IO) <= 1.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-31937

Apr 10, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Login and Logout Redirect <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-31927

Apr 10, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

EWWW Image Optimizer <= 7.2.3 - Cross-Site Request Forgery

4.3

CVE-2024-31924

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP2LEADS <= 3.2.7 - Missing Authorization

4.3

CVE-2024-31375

Apr 8, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Premmerce Product Filter for WooCommerce <= 3.7.2 - Missing Authorization

5.3

CVE-2024-31359

Apr 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery

4.3

CVE-2024-31364

Apr 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

LifterLMS <= 7.5.0 - Cross-Site Request Forgery

4.3

CVE-2024-31363

Apr 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
USPS Shipping for WooCommerce – Live Rates <= 1.9.2 - Cross-Site Request Forgery	CVE-2024-31943	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	April 10, 2024
Login With Ajax <= 4.1 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-30546	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Newsletter <= 8.0.6 - Cross-Site Request Forgery	CVE-2024-31434	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
NewsXpress <= 1.0.7 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31938	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
PopularFX <= 1.2.4 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31383	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Product Input Fields for WooCommerce <= 1.7.0 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31431	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Sarada Lite <= 1.1.2 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31429	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Spa and Salon <= 1.2.7 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31384	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
The Conference <= 1.2.0 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31428	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
The Events Calendar <= 6.3.0 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31433	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Ultimate Product Catalogue <= 5.2.15 - Cross-Site Request Forgery via reset_settings()	CVE-2024-31921	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Import any XML or CSV File to WordPress <= 3.7.3 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31939	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
WordPress Hosting Benchmark tool <= 1.3.6 - Cross-Site Request Forgery via execute_plugin()	CVE-2024-31922	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
TWIPLA (Visitor Analytics IO) <= 1.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-31937	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 10, 2024
WP Login and Logout Redirect <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-31927	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 10, 2024
EWWW Image Optimizer <= 7.2.3 - Cross-Site Request Forgery	CVE-2024-31924	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
WP2LEADS <= 3.2.7 - Missing Authorization	CVE-2024-31375	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 8, 2024
Premmerce Product Filter for WooCommerce <= 3.7.2 - Missing Authorization	CVE-2024-31359	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 8, 2024
ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery	CVE-2024-31364	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 8, 2024
LifterLMS <= 7.5.0 - Cross-Site Request Forgery	CVE-2024-31363	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 8, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation