🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Fariq Fadillah Gusti Insani (fariqfgi)

Fariq Fadillah Gusti Insani (fariqfgi)

150

All Time Ranking

All Time Discoveries

1 Achievement

Learn more about Achievements

Learn more Learn more about Achievements

13 Vulnerabilities

JS Help Desk – Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization

5.3

CVE-2024-31273

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

4.9

CVE-2024-1341

Feb 28, 2024

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

JS Help Desk <= 2.8.1 - Unauthenticated SQL Injection via email and trackingid

9.8

CVE-2023-50839

Dec 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.8.7 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-47530

Nov 7, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WPSchoolPress <= 2.2.3 - Missing Authorization

5.4

CVE-2023-37887

Jul 11, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference

6.3

CVE-2023-23679

Jun 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.2 - Missing Authorization

6.5

CVE-2023-30479

Apr 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

JS Job Manager <= 2.0.0 - Missing Authorization

6.5

CVE-2023-28689

Mar 21, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

WP Job Portal <= 2.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2023-28534

Mar 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title

6.4

CVE-2023-25963

Feb 21, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation

6.5

CVE-2023-23715

Jan 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Yoast SEO <= 17.2 - Full Path Disclosure

5.3

CVE-2021-25118

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

15Zine | Magazine Newspaper Blog News WordPress Theme < 3.3.0 - Reflected Cross-Site Scripting

6.1

CVE-2020-36510

Sep 21, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
JS Help Desk – Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization	CVE-2024-31273	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 5, 2024
Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-1341	4.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N	February 28, 2024
JS Help Desk <= 2.8.1 - Unauthenticated SQL Injection via email and trackingid	CVE-2023-50839	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 21, 2023
Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.8.7 - Authenticated (Administrator+) SQL Injection	CVE-2023-47530	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 7, 2023
WPSchoolPress <= 2.2.3 - Missing Authorization	CVE-2023-37887	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	July 11, 2023
JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference	CVE-2023-23679	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	June 20, 2023
Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.2 - Missing Authorization	CVE-2023-30479	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 13, 2023
JS Job Manager <= 2.0.0 - Missing Authorization	CVE-2023-28689	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	March 21, 2023
WP Job Portal <= 2.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2023-28534	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 17, 2023
JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title	CVE-2023-25963	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 21, 2023
JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation	CVE-2023-23715	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	January 25, 2023
Yoast SEO <= 17.2 - Full Path Disclosure	CVE-2021-25118	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 5, 2021
15Zine \| Magazine Newspaper Blog News WordPress Theme < 3.3.0 - Reflected Cross-Site Scripting	CVE-2020-36510	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 21, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation