🎁Wordfence just launched its bug bounty program. From today through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!🎁

Wordfence Intelligence > Vulnerability Researchers > Felipe Restrepo Rodriguez

Felipe Restrepo Rodriguez (pfelilpe)

Organization: Pfelilpe

All Time Ranking

All Time Discoveries

20 Vulnerabilities

Robo Gallery <= 3.2.15 - Authenticated(Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-3499

Aug 15, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

NEX-Forms - Ultimate Form Builder <= 8.4.3 - Authenticated Stored Cross-Site Scripting via Form Name

4.8

CVE-2023-0439

Jun 26, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-2578

Jun 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable <= 1.6.82 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-2580

May 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-0545

May 10, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Ko-fi Button <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-2254

Apr 25, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Bit Form <= 1.8.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution

9.8

CVE-2022-4774

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Namaste! LMS <= 2.5.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-0548

Jan 31, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Arigato Autoresponder and Newsletter <= 2.1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-0543

Jan 31, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Watu Quiz <= 3.3.8.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-0428

Jan 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Watu Quiz <= 3.3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-0429

Jan 24, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality

7.5

CVE-2022-0989

Mar 15, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

WS Form LITE and WS Form Pro < 1.8.176 - Stored Cross-Site Scripting

7.2

CVE-2022-23988

Jan 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WS Form LITE and Pro < 1.8.176 - Stored Cross-Site Scripting

4.8

CVE-2022-23987

Jan 31, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Cimatti Contact Forms <= 1.4.11 - Cross-Site Scripting

5.5

CVE-2021-24744

Sep 27, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Visual Form Builder <= 3.0.3 - Admin+ Stored Cross-Site Scripting

4.8

CVE-2021-24514

Sep 27, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

PlanSo Forms <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2021-24516

Sep 15, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Form Builder <= 1.9.8.3 - Authenticated Stored Cross-Site Scripting

5.5

CVE-2021-24513

Aug 9, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2021-24526

Jul 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

PhastPress <= 1.110 - Open Redirect

6.1

CVE-2021-24210

Mar 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Robo Gallery <= 3.2.15 - Authenticated(Administrator+) Stored Cross-Site Scripting	CVE-2023-3499	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	August 15, 2023
NEX-Forms - Ultimate Form Builder <= 8.4.3 - Authenticated Stored Cross-Site Scripting via Form Name	CVE-2023-0439	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	June 26, 2023
Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-2578	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	June 19, 2023
AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable <= 1.6.82 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-2580	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	May 19, 2023
Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-0545	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	May 10, 2023
Ko-fi Button <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-2254	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 25, 2023
Bit Form <= 1.8.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution	CVE-2022-4774	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 19, 2023
Namaste! LMS <= 2.5.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-0548	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 31, 2023
Arigato Autoresponder and Newsletter <= 2.1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-0543	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 31, 2023
Watu Quiz <= 3.3.8.1 - Reflected Cross-Site Scripting	CVE-2023-0428	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 24, 2023
Watu Quiz <= 3.3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-0429	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 24, 2023
NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality	CVE-2022-0989	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	March 15, 2022
WS Form LITE and WS Form Pro < 1.8.176 - Stored Cross-Site Scripting	CVE-2022-23988	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 31, 2022
WS Form LITE and Pro < 1.8.176 - Stored Cross-Site Scripting	CVE-2022-23987	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	January 31, 2022
Cimatti Contact Forms <= 1.4.11 - Cross-Site Scripting	CVE-2021-24744	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 27, 2021
Visual Form Builder <= 3.0.3 - Admin+ Stored Cross-Site Scripting	CVE-2021-24514	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	September 27, 2021
PlanSo Forms <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2021-24516	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 15, 2021
Form Builder <= 1.9.8.3 - Authenticated Stored Cross-Site Scripting	CVE-2021-24513	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	August 9, 2021
Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting	CVE-2021-24526	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	July 15, 2021
PhastPress <= 1.110 - Open Redirect	CVE-2021-24210	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 19, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation