Wordfence Intelligence   >   Vulnerability Researchers   >   Francesco Carlucci

Francesco Carlucci

5
All Time Ranking
311
All Time Discoveries

About

Hacker and Digital Nomad, the worst combination ever :)

9 Achievements

Learn more about Achievements
Submitted 200 Vulnerabilities
Submitted 200 Vulnerabilities
May 13, 2024
Submitted 100 Vulnerabilities
Submitted 100 Vulnerabilities
February 27, 2024
Submitted 75 Vulnerabilities
Submitted 75 Vulnerabilities
February 26, 2024
Submitted 50 Vulnerabilities
Submitted 50 Vulnerabilities
February 7, 2024
Submitted 25 Vulnerabilities
Submitted 25 Vulnerabilities
January 30, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
January 9, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
January 5, 2024
1337 Vulnerability Researcher
1337 Vulnerability Researcher
December 12, 2023
Submitted 1 Vulnerability
Submitted 1 Vulnerability
November 27, 2023
Learn more Learn more about Achievements

Showing 41-60 of 311 Vulnerabilities

QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval
5.3
CVE-2024-1324
May 31, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
5.4
CVE-2024-2089
May 29, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Testimonial Carousel For Elementor <= 10.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-2253
May 29, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save
5.3
CVE-2024-0434
May 28, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update
5.3
CVE-2024-4858
May 24, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Schema App Structured Data <= 2.2.0 - Missing Authorization
4.3
CVE-2024-0893
May 23, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Event post <= 5.9.4 - Missing Authorization
4.3
CVE-2024-1376
May 23, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution
9.8
CVE-2024-5084
May 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection
8.1
CVE-2024-5085
May 22, 2024
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection
8.0
CVE-2024-4471
May 22, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate
5.3
CVE-2023-6325
May 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution
8.8
CVE-2024-4662
May 22, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ninja Beaver Add-ons for Beaver Builder <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets
6.4
CVE-2024-2163
May 21, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback
5.0
CVE-2024-0453
May 21, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback
5.0
CVE-2024-0452
May 21, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_list_callback
5.0
CVE-2024-0451
May 21, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Custom Post Type Attachment <= 3.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pdf_attachment Shortcode
6.4
CVE-2024-4546
May 15, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure
4.3
CVE-2024-0437
May 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update
5.3
CVE-2024-0870
May 13, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function
9.8
CVE-2024-4560
May 10, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval CVE-2024-1324 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N May 31, 2024
Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2089 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N May 29, 2024
Testimonial Carousel For Elementor <= 10.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2253 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 29, 2024
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save CVE-2024-0434 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 28, 2024
Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update CVE-2024-4858 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L May 24, 2024
Schema App Structured Data <= 2.2.0 - Missing Authorization CVE-2024-0893 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N May 23, 2024
Event post <= 5.9.4 - Missing Authorization CVE-2024-1376 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N May 23, 2024
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution CVE-2024-5084 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 22, 2024
Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection CVE-2024-5085 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H May 22, 2024
140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection CVE-2024-4471 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H May 22, 2024
RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate CVE-2023-6325 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N May 22, 2024
Oxygen Builder <= 4.8.2 - Authenticated (Contributor+) Remote Code Execution CVE-2024-4662 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H May 22, 2024
Ninja Beaver Add-ons for Beaver Builder <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets CVE-2024-2163 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 21, 2024
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callback CVE-2024-0453 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N May 21, 2024
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback CVE-2024-0452 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N May 21, 2024
AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_list_callback CVE-2024-0451 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N May 21, 2024
Custom Post Type Attachment <= 3.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pdf_attachment Shortcode CVE-2024-4546 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N May 15, 2024
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure CVE-2024-0437 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N May 14, 2024
YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update CVE-2024-0870 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 13, 2024
Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function CVE-2024-4560 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 10, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation