🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Francesco Carlucci

Francesco Carlucci

All Time Ranking

248

All Time Discoveries

About

Hacker and Digital Nomad, the worst combination ever :)

8 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 61-80 of 248 Vulnerabilities

(Simply) Guest Author Name <= 4.34 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-0254

Jan 26, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Missing Authorization

4.3

CVE-2024-0791

Jan 30, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WordPress Review & Structure Data Schema Plugin – Review Schema <= 2.1.14 - Missing Authorization to Arbitrary Review Update

4.3

CVE-2024-0836

Jan 30, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Cross-Site Request Forgery

5.4

CVE-2024-0790

Jan 30, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via restore_records()

5.3

CVE-2024-0907

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred()

5.3

CVE-2024-1129

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_read()

5.3

CVE-2024-1130

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Missing Authorization

4.3

CVE-2024-0797

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Cross-Site Request Forgery

4.3

CVE-2024-0796

Jan 31, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery

4.3

CVE-2024-1162

Feb 1, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

ThemeIsle SDK <= Various Versions - Missing Authorization

5.3

CVE-2024-1047

Feb 1, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API

5.3

CVE-2024-0969

Feb 1, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Anonymous Restricted Content <= 1.6.2 - Protection Mechanism Bypass

5.3

CVE-2024-0909

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Meta Box – WordPress Custom Fields Framework <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-6526

Feb 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Advanced Forms for ACF <= 1.9.3.2 - Missing Authorization to Unauthenticated Form Settings Export

5.3

CVE-2024-1121

Feb 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WP Club Manager – WordPress Sports Club Plugin <= 2.2.10 - Missing Authorization to Unauthenticated Event Permalink Update

5.3

CVE-2024-1177

Feb 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Customer Reviews for WooCommerce <= 5.38.12 - Improper Authorization via submit_review

5.3

CVE-2024-1044

Feb 6, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in optimizeAllOn

4.3

CVE-2024-1089

Feb 7, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in enableOptimization

4.3

CVE-2024-1334

Feb 7, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in disableOptimization

4.3

CVE-2024-1335

Feb 7, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
(Simply) Guest Author Name <= 4.34 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-0254	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 26, 2024
WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Missing Authorization	CVE-2024-0791	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 30, 2024
WordPress Review & Structure Data Schema Plugin – Review Schema <= 2.1.14 - Missing Authorization to Arbitrary Review Update	CVE-2024-0836	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 30, 2024
WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Cross-Site Request Forgery	CVE-2024-0790	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	January 30, 2024
NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via restore_records()	CVE-2024-0907	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 31, 2024
NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred()	CVE-2024-1129	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 31, 2024
NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_read()	CVE-2024-1130	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 31, 2024
Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Missing Authorization	CVE-2024-0797	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 31, 2024
Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Cross-Site Request Forgery	CVE-2024-0796	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 31, 2024
Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery	CVE-2024-1162	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 1, 2024
ThemeIsle SDK <= Various Versions - Missing Authorization	CVE-2024-1047	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 1, 2024
ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API	CVE-2024-0969	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 1, 2024
Anonymous Restricted Content <= 1.6.2 - Protection Mechanism Bypass	CVE-2024-0909	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 2, 2024
Meta Box – WordPress Custom Fields Framework <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-6526	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 5, 2024
Advanced Forms for ACF <= 1.9.3.2 - Missing Authorization to Unauthenticated Form Settings Export	CVE-2024-1121	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 5, 2024
WP Club Manager – WordPress Sports Club Plugin <= 2.2.10 - Missing Authorization to Unauthenticated Event Permalink Update	CVE-2024-1177	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 5, 2024
Customer Reviews for WooCommerce <= 5.38.12 - Improper Authorization via submit_review	CVE-2024-1044	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 6, 2024
ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in optimizeAllOn	CVE-2024-1089	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	February 7, 2024
ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in enableOptimization	CVE-2024-1334	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 7, 2024
ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in disableOptimization	CVE-2024-1335	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 7, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation