🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > emad

emad

All Time Ranking

All Time Discoveries

2 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 1-20 of 65 Vulnerabilities

Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing

7.5

CVE-2024-5598

Jun 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing

7.5

CVE-2024-5599

Jun 6, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Font Farsi <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-2657

May 29, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-3666

May 21, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Automatic Translator with Google Translate <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom Font

4.4

CVE-2024-0632

May 21, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Debug Log – Manger Tool <= 1.4.5 - Unauthenticated Information Exposure via Logs

5.3

CVE-2024-34798

May 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Advanced Post List <= 0.5.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-33642

Apr 25, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Absolutely Glamorous Custom Admin <= 7.2.3 - Authenticated (Admin+) Server-Side Request Forgery

5.5

CVE-2024-33627

Apr 24, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Coupon & Discount Code Reveal Button <= 1.2.5 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVE-2024-32722

Apr 22, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Backup Migration <= 1.4.3 - Information Exposure via Log Files

5.3

CVE-2024-32686

Apr 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

BA Book Everything <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-32598

Apr 16, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Welcart e-Commerce <= 2.9.14 - Missing Authorization

5.4

CVE-2024-32144

Apr 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Advanced Cron Manager – debug & control <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-31926

Apr 10, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure

4.3

CVE-2024-31252

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

All-in-One Video Gallery <= 3.5.2 - Missing Authorization

4.3

CVE-2024-31248

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Everest Backup <= 2.2.4 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2023-7201

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via force_fit

6.4

CVE-2024-29807

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options

5.5

CVE-2024-0659

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Setka Editor <= 2.1.20 - Cross-Site Request Forgery via handleRequest

4.3

CVE-2024-24701

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Page Restrict <= 2.5.5 - Cross-Site Request Forgery via pr_admin_page

4.3

CVE-2024-24702

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing	CVE-2024-5598	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	June 28, 2024
FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing	CVE-2024-5599	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	June 6, 2024
Font Farsi <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-2657	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	May 29, 2024
Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-3666	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	May 21, 2024
Automatic Translator with Google Translate <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom Font	CVE-2024-0632	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	May 21, 2024
Debug Log – Manger Tool <= 1.4.5 - Unauthenticated Information Exposure via Logs	CVE-2024-34798	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 20, 2024
Advanced Post List <= 0.5.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-33642	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 25, 2024
Absolutely Glamorous Custom Admin <= 7.2.3 - Authenticated (Admin+) Server-Side Request Forgery	CVE-2024-33627	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 24, 2024
Coupon & Discount Code Reveal Button <= 1.2.5 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-32722	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 22, 2024
Backup Migration <= 1.4.3 - Information Exposure via Log Files	CVE-2024-32686	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	April 17, 2024
BA Book Everything <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-32598	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 16, 2024
Welcart e-Commerce <= 2.9.14 - Missing Authorization	CVE-2024-32144	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	April 12, 2024
Advanced Cron Manager – debug & control <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-31926	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 10, 2024
Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure	CVE-2024-31252	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	April 5, 2024
All-in-One Video Gallery <= 3.5.2 - Missing Authorization	CVE-2024-31248	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 5, 2024
Everest Backup <= 2.2.4 - Authenticated (Admin+) Arbitrary File Upload	CVE-2023-7201	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 25, 2024
DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via force_fit	CVE-2024-29807	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options	CVE-2024-0659	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	February 2, 2024
Setka Editor <= 2.1.20 - Cross-Site Request Forgery via handleRequest	CVE-2024-24701	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 31, 2024
Page Restrict <= 2.5.5 - Cross-Site Request Forgery via pr_admin_page	CVE-2024-24702	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 31, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation