Francesco Carlucci

Title	CVE ID	CVSS	Vector	Date
WP CSV Exporter <= 1.3.7 - CSV Injection	CVE-2022-3605	7.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H	November 29, 2022
Clerk <= 3.8.2 - Authorization Bypass via Insufficient Validation	CVE-2022-3907	5.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L	November 10, 2022
Export customers list csv for WooCommerce <= 2.0.67 - CSV Injection	CVE-2022-3603	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	November 3, 2022
Contact Form Entries <= 1.2.9 - CSV Injection	CVE-2022-3604	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 21, 2022
WPForms Pro <= 1.7.6 - CSV Injection	CVE-2022-3574	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 19, 2022
Contact Form Plugin by FluentForm <= 4.3.12 - CSV Injection	CVE-2022-3463	8.3	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H	October 17, 2022
Post to CSV by BestWebSoft <= 1.3.8 - Authenticated (Author+) CSV Injection	CVE-2022-3393	6.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H	October 3, 2022
Easy Digital Downloads <= 3.1.0.1.1 - Unauthenticated CSV Injection	CVE-2022-3600	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 28, 2022
WP Subtitle <= 3.4 - Cross-Site Scripting	CVE-2022-1393	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 25, 2022
Custom Content Shortcode <= 4.0.1 - Authenticated Stored Cross-Site Scripting	CVE-2021-24826	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	February 2, 2022
Custom Content Shortcode <= 3.8.8 - Unauthorised Arbitrary Post Metadata Access	CVE-2021-24824	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	February 2, 2022
Custom Content Shortcode <= 4.0.1 - Authenticated Arbitrary File Access / Local File Inclusion	CVE-2021-24825	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	February 2, 2022
Add Subtitle <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-24897	7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	January 26, 2022
Orange Form <= 1.0.1 - Cross-Site Request Forgery	CVE-2021-24704	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 29, 2021
Orange Form <= 1.0.1 - Cross-Site Request Forgery	CVE-2021-24688	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 29, 2021
Single Post Exporter <= 1.1.1 - Cross-Site Request Forgery	CVE-2021-24780	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 15, 2021
User meta shortcodes <= 0.5 - Improper Access Control	CVE-2021-24859	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	November 15, 2021
Page/Post Content Shortcode <= 1.0 - Missing Authorization	CVE-2021-24819	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	November 15, 2021
Display Post Metadata <= 1.4.0 - Stored Cross-Site Scripting	CVE-2021-24855	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	November 15, 2021
Improved Include Page <= 1.2 - Authenticated (Contributor+) Arbitrary Posts/Pages Access	CVE-2021-24845	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	November 15, 2021

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation