Fariq Fadillah Gusti Insani (fariqfgi)

139
All Time Ranking
20
All Time Discoveries
0
90 Day Published Submissions
28 Feb '24
Last Published Submission
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
April 11, 2024

20 Vulnerabilities

Title CVE ID CVSS Vector Date
HD Quiz – Save Results Light <= 0.5 - Missing Authorization CVE-2024-49689 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N October 21, 2024
Blogpoet <= 1.0.2 - Missing Authorization via blogpoet_install_and_activate_plugins() CVE-2024-43998 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 29, 2024
ReviveNews <= 1.0.2 - Missing Authorization via revivenews_install_and_activate_plugins() CVE-2024-43974 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 28, 2024
Fota WP <= 1.4.1 - Missing Authorization via fotawp_install_and_activate_plugins() CVE-2024-43980 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 28, 2024
Blockbooster <= 1.0.10 - Missing Authorization CVE-2024-43979 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 28, 2024
LWS Affiliation <= 2.3.4 - Missing Authorization CVE-2024-43962 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N August 26, 2024
Hello Agency <= 1.0.5 - Missing Authorization to Notice Dismissal CVE-2024-43341 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N August 16, 2024
JS Help Desk – Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization CVE-2024-31273 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 5, 2024
Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1341 4.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N February 28, 2024
JS Help Desk <= 2.8.1 - Unauthenticated SQL Injection via email and trackingid CVE-2023-50839 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 21, 2023
Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.8.7 - Authenticated (Administrator+) SQL Injection CVE-2023-47530 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 7, 2023
WPSchoolPress <= 2.2.3 - Missing Authorization CVE-2023-37887 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N July 11, 2023
JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference CVE-2023-23679 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L June 20, 2023
Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.2 - Missing Authorization CVE-2023-30479 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N April 13, 2023
JS Job Manager <= 2.0.0 - Missing Authorization CVE-2023-28689 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N March 21, 2023
WP Job Portal <= 2.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2023-28534 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 17, 2023
JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title CVE-2023-25963 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 21, 2023
JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation CVE-2023-23715 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L January 25, 2023
Yoast SEO <= 17.2 - Full Path Disclosure CVE-2021-25118 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N October 5, 2021
15Zine | Magazine Newspaper Blog News WordPress Theme < 3.3.0 - Reflected Cross-Site Scripting CVE-2020-36510 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 21, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation