Wordfence Intelligence   >   Vulnerability Researchers   >   Francesco Carlucci

Francesco Carlucci

8
All Time Ranking
242
All Time Discoveries

About

Hacker and Digital Nomad, the worst combination ever :)

8 Achievements

Learn more about Achievements
Submitted 100 Vulnerabilities
Submitted 100 Vulnerabilities
February 27, 2024
Submitted 75 Vulnerabilities
Submitted 75 Vulnerabilities
February 26, 2024
Submitted 50 Vulnerabilities
Submitted 50 Vulnerabilities
February 7, 2024
Submitted 25 Vulnerabilities
Submitted 25 Vulnerabilities
January 30, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
January 9, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
January 5, 2024
1337 Vulnerability Researcher
1337 Vulnerability Researcher
December 12, 2023
Submitted 1 Vulnerability
Submitted 1 Vulnerability
November 27, 2023
Learn more Learn more about Achievements

Showing 61-80 of 242 Vulnerabilities

Improved Include Page <= 1.2 - Authenticated (Contributor+) Arbitrary Posts/Pages Access
4.3
CVE-2021-24845
Nov 15, 2021
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Wp Limits <= 1.0 - Cross-Site Request Forgery
4.3
CVE-2021-24818
Nov 15, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Insert Pages <= 3.6.1 - Contributor+ Arbitrary Posts/Pages Access
4.3
CVE-2021-24851
Oct 18, 2021
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Authenticated (Admin+) Cross-Site Scripting
4.4
CVE-2024-0449
Feb 27, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Export customers list csv for WooCommerce <= 2.0.67 - CSV Injection
4.8
CVE-2022-3603
Nov 3, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update
5.0
CVE-2024-0447
Feb 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products
5.3
CVE-2023-6327
May 3, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
5.3
CVE-2024-1678
Apr 29, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Analytify <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification
5.3
CVE-2024-1584
Apr 26, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Content Control <= 2.1.0 - Missing Authorization to Sensitive Information Exposure
5.3
CVE-2024-0615
Apr 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Missing Authorization to Sensitive Information Exposure
5.3
CVE-2024-2043
Apr 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins
5.3
CVE-2024-0629
Apr 15, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink
5.3
CVE-2023-5692
Apr 4, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure
5.3
CVE-2024-1418
Apr 3, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
WooCommerce Clover Payment Gateway <= 1.3.1 - Missing Authorization via callback_handler
5.3
CVE-2024-0626
Mar 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Order Tip for WooCommerce <= 1.3.1 - Missing Authorization to Unauthenticated Data Export
5.3
CVE-2024-1119
Mar 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure
5.3
CVE-2024-1473
Mar 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Easy Maintenance Mode <= 1.4.2 - Information Exposure
5.3
CVE-2024-1477
Mar 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 230815 - Information Exposure
5.3
CVE-2024-0899
Mar 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
f(x) Private Site <= 1.2.1 - Sensitive Information Exposure
5.3
CVE-2024-0906
Mar 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Title CVE ID CVSS Vector Date
Improved Include Page <= 1.2 - Authenticated (Contributor+) Arbitrary Posts/Pages Access CVE-2021-24845 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N November 15, 2021
Wp Limits <= 1.0 - Cross-Site Request Forgery CVE-2021-24818 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N November 15, 2021
Insert Pages <= 3.6.1 - Contributor+ Arbitrary Posts/Pages Access CVE-2021-24851 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N October 18, 2021
ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Authenticated (Admin+) Cross-Site Scripting CVE-2024-0449 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N February 27, 2024
Export customers list csv for WooCommerce <= 2.0.67 - CSV Injection CVE-2022-3603 4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N November 3, 2022
ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update CVE-2024-0447 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N February 26, 2024
ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products CVE-2023-6327 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N May 3, 2024
Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API CVE-2024-1678 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 29, 2024
Analytify <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification CVE-2024-1584 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 26, 2024
Content Control <= 2.1.0 - Missing Authorization to Sensitive Information Exposure CVE-2024-0615 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 16, 2024
EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Missing Authorization to Sensitive Information Exposure CVE-2024-2043 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 16, 2024
2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins CVE-2024-0629 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 15, 2024
WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink CVE-2023-5692 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 4, 2024
CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure CVE-2024-1418 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 3, 2024
WooCommerce Clover Payment Gateway <= 1.3.1 - Missing Authorization via callback_handler CVE-2024-0626 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N March 22, 2024
Order Tip for WooCommerce <= 1.3.1 - Missing Authorization to Unauthenticated Data Export CVE-2024-1119 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 19, 2024
Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure CVE-2024-1473 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 19, 2024
Easy Maintenance Mode <= 1.4.2 - Information Exposure CVE-2024-1477 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 19, 2024
s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 230815 - Information Exposure CVE-2024-0899 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 18, 2024
f(x) Private Site <= 1.2.1 - Sensitive Information Exposure CVE-2024-0906 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 11, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation