Francesco Carlucci

Vulnerabilities Discovered:

All Time Discoveries: 29
Discoveries since May 1, 2023: 1

Showing 1-20 of 29 vulnerabilities

| Title | CVE ID | CVSS | Vector | Date |
| --- | --- | --- | --- | --- |
| Display post meta, term meta, comment meta, and user meta <= 0.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting | CVE-2023-1661 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | May 30, 2023 |
| WP CSV Exporter <= 1.3.7 - CSV Injection | CVE-2022-3605 | 7.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H | November 29, 2022 |
| Clerk <= 3.8.2 - Authorization Bypass via Insufficient Validation | CVE-2022-3907 | 5.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | November 10, 2022 |
| Export customers list csv for WooCommerce <= 2.0.67 - CSV Injection | CVE-2022-3603 | 4.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | November 3, 2022 |
| Contact Form Entries <= 1.2.9 - CSV Injection | CVE-2022-3604 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | October 21, 2022 |
| WPForms Pro <= 1.7.6 - CSV Injection | CVE-2022-3574 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | October 19, 2022 |
| Contact Form Plugin by FluentForm <= 4.3.12 - CSV Injection | CVE-2022-3463 | 8.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | October 17, 2022 |
| Post to CSV by BestWebSoft <= 1.3.8 - Authenticated (Author+) CSV Injection | CVE-2022-3393 | 6.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | October 3, 2022 |
| Easy Digital Downloads <= 3.1.0.1.1 - Unauthenticated CSV Injection | CVE-2022-3600 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | September 28, 2022 |
| WP Subtitle <= 3.4 - Cross-Site Scripting | CVE-2022-1393 | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | April 25, 2022 |
| Custom Content Shortcode <= 4.0.1 - Authenticated Stored Cross-Site Scripting | CVE-2021-24826 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | February 2, 2022 |
| Custom Content Shortcode <= 3.8.8 - Unauthorised Arbitrary Post Metadata Access | CVE-2021-24824 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | February 2, 2022 |
| Custom Content Shortcode <= 4.0.1 - Authenticated Arbitrary File Access / Local File Inclusion | CVE-2021-24825 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | February 2, 2022 |
| Add Subtitle <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2021-24897 | 7.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L | January 26, 2022 |
| Orange Form <= 1.0.1 - Cross-Site Request Forgery | CVE-2021-24704 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | December 29, 2021 |
| Orange Form <= 1.0.1 - Cross-Site Request Forgery | CVE-2021-24688 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | December 29, 2021 |
| Single Post Exporter <= 1.1.1 - Cross-Site Request Forgery | CVE-2021-24780 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | November 15, 2021 |
| User meta shortcodes <= 0.5 - Improper Access Control | CVE-2021-24859 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | November 15, 2021 |
| Page/Post Content Shortcode <= 1.0 - Missing Authorization | CVE-2021-24819 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | November 15, 2021 |
| Display Post Metadata <= 1.4.0 - Stored Cross-Site Scripting | CVE-2021-24855 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | November 15, 2021 |


The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.
