🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > emad

emad

All Time Ranking

All Time Discoveries

1 Achievement

Learn more about Achievements

Learn more Learn more about Achievements

Showing 1-20 of 56 Vulnerabilities

Backup Migration <= 1.4.3 - Information Exposure via Log Files

5.3

CVE-2024-32686

Apr 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

BA Book Everything <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-32598

Apr 16, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Welcart e-Commerce <= 2.9.14 - Missing Authorization

5.4

CVE-2024-32144

Apr 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Advanced Cron Manager – debug & control <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-31926

Apr 10, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure

4.3

CVE-2024-31252

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

All-in-One Video Gallery <= 3.5.2 - Missing Authorization

4.3

CVE-2024-31248

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Everest Backup <= 2.2.4 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2023-7201

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via force_fit

6.4

CVE-2024-29807

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options

5.5

CVE-2024-0659

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Page Restrict <= 2.5.5 - Cross-Site Request Forgery via pr_admin_page

4.3

CVE-2024-24702

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Setka Editor <= 2.1.20 - Cross-Site Request Forgery via handleRequest

4.3

CVE-2024-24701

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Ninja Tables <= 5.0.5 - Missing Authorization

5.3

CVE-2024-23504

Jan 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

12 Step Meeting List <= 3.14.28 - Missing Authorization

5.3

CVE-2024-22296

Jan 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Import and export users and customers <= 1.24.6 - Missing Authorization via fire_cron REST endpoint

5.3

CVE-2024-22151

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CformsII <= 15.0.5 - Unauthenticated stored Cross-Site Scripting

7.2

CVE-2024-22149

Jan 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CformsII <= 15.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-52203

Jan 3, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

ProfileGrid <= 5.6.6 - Missing Authorization

4.3

CVE-2023-52117

Dec 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Review Slider <= 12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-51685

Dec 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

weForms <= 1.6.18 - Missing Authorization via export_form_entries

6.5

CVE-2023-51524

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

weForms – Easy Drag & Drop Contact Form Builder For WordPress <= 1.6.17 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-50896

Dec 26, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Backup Migration <= 1.4.3 - Information Exposure via Log Files	CVE-2024-32686	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	April 17, 2024
BA Book Everything <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-32598	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 16, 2024
Welcart e-Commerce <= 2.9.14 - Missing Authorization	CVE-2024-32144	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	April 12, 2024
Advanced Cron Manager – debug & control <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-31926	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 10, 2024
Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure	CVE-2024-31252	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	April 5, 2024
All-in-One Video Gallery <= 3.5.2 - Missing Authorization	CVE-2024-31248	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 5, 2024
Everest Backup <= 2.2.4 - Authenticated (Admin+) Arbitrary File Upload	CVE-2023-7201	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 25, 2024
DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via force_fit	CVE-2024-29807	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options	CVE-2024-0659	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	February 2, 2024
Page Restrict <= 2.5.5 - Cross-Site Request Forgery via pr_admin_page	CVE-2024-24702	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 31, 2024
Setka Editor <= 2.1.20 - Cross-Site Request Forgery via handleRequest	CVE-2024-24701	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 31, 2024
Ninja Tables <= 5.0.5 - Missing Authorization	CVE-2024-23504	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	January 19, 2024
12 Step Meeting List <= 3.14.28 - Missing Authorization	CVE-2024-22296	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 17, 2024
Import and export users and customers <= 1.24.6 - Missing Authorization via fire_cron REST endpoint	CVE-2024-22151	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 16, 2024
CformsII <= 15.0.5 - Unauthenticated stored Cross-Site Scripting	CVE-2024-22149	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 15, 2024
CformsII <= 15.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-52203	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 3, 2024
ProfileGrid <= 5.6.6 - Missing Authorization	CVE-2023-52117	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 28, 2023
WP Review Slider <= 12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-51685	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 27, 2023
weForms <= 1.6.18 - Missing Authorization via export_form_entries	CVE-2023-51524	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	December 27, 2023
weForms – Easy Drag & Drop Contact Form Builder For WordPress <= 1.6.17 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-50896	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 26, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation