Wordfence Intelligence   >   Vulnerability Researchers   >   Joshua Chan

Joshua Chan

29
All Time Ranking
123
All Time Discoveries

About

Penetration Tester, Security Researcher

Showing 1-20 of 123 Vulnerabilities

Zephyr Project Manager <= 3.3.99 - Unauthenticated Information Exposure
5.3
CVE-2024-38761
Jul 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Send Users Email <= 1.5.1 - Unauthenticated Information Exposure
5.3
CVE-2024-38760
Jul 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Event Tickets <= 5.11.0.4 - Cross-Site Request Forgery
4.3
CVE-2024-38762
Jul 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Wallet System for WooCommerce <= 2.5.13 - Information Exposure via Log Files
5.3
CVE-2024-38699
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Coming Soon <= 1.6.3 - Unauthenticated Information Exposure
5.3
CVE-2024-38756
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
MBE eShip <= 2.1.2 - Cross-Site Request Forgery
4.3
CVE-2024-38729
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
MBE eShip <= 2.1.2 - Information Exposure
5.3
CVE-2024-38742
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
HitPay Payment Gateway for WooCommerce <= 4.1.3 - Information Exposure via Log Files
5.3
CVE-2024-38747
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Amazing Hover Effects <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-38741
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Missing Authorization
4.3
CVE-2024-38719
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Titan Anti-spam & Security <= 7.3.6 - Missing Authorization
4.3
CVE-2024-38777
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Meks Smart Author Widget <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-37958
Jul 10, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Power BI Embedded for WordPress <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-37959
Jul 10, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
TOCHAT.BE <= 1.3.0 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2024-37563
Jul 9, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Testimonials Widget <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-37553
Jul 6, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Meks Easy Ads Widget <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-37548
Jul 6, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Social Media & Share Icons <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-37552
Jul 6, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
CC & BCC for Woocommerce Order Emails <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-37522
Jul 5, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
affiliate-toolkit <= 3.4.4 - Unauthenticated Sensitive Information Exposure via Logs
5.3
CVE-2024-37205
Jun 20, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Contact Form Builder, Contact Widget <= 2.1.7 - Authentication Request Bypass
5.3
CVE-2024-35747
Jun 6, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Title CVE ID CVSS Vector Date
Zephyr Project Manager <= 3.3.99 - Unauthenticated Information Exposure CVE-2024-38761 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N July 12, 2024
Send Users Email <= 1.5.1 - Unauthenticated Information Exposure CVE-2024-38760 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N July 12, 2024
Event Tickets <= 5.11.0.4 - Cross-Site Request Forgery CVE-2024-38762 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N July 12, 2024
Wallet System for WooCommerce <= 2.5.13 - Information Exposure via Log Files CVE-2024-38699 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N July 11, 2024
Coming Soon <= 1.6.3 - Unauthenticated Information Exposure CVE-2024-38756 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N July 11, 2024
MBE eShip <= 2.1.2 - Cross-Site Request Forgery CVE-2024-38729 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N July 11, 2024
MBE eShip <= 2.1.2 - Information Exposure CVE-2024-38742 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N July 11, 2024
HitPay Payment Gateway for WooCommerce <= 4.1.3 - Information Exposure via Log Files CVE-2024-38747 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N July 11, 2024
Amazing Hover Effects <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-38741 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 11, 2024
Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Missing Authorization CVE-2024-38719 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N July 11, 2024
Titan Anti-spam & Security <= 7.3.6 - Missing Authorization CVE-2024-38777 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N July 11, 2024
Meks Smart Author Widget <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-37958 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 10, 2024
Power BI Embedded for WordPress <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-37959 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 10, 2024
TOCHAT.BE <= 1.3.0 - Unauthenticated Stored Cross-Site Scripting CVE-2024-37563 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N July 9, 2024
Testimonials Widget <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-37553 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 6, 2024
Meks Easy Ads Widget <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-37548 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 6, 2024
Social Media & Share Icons <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-37552 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 6, 2024
CC & BCC for Woocommerce Order Emails <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-37522 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 5, 2024
affiliate-toolkit <= 3.4.4 - Unauthenticated Sensitive Information Exposure via Logs CVE-2024-37205 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N June 20, 2024
Contact Form Builder, Contact Widget <= 2.1.7 - Authentication Request Bypass CVE-2024-35747 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N June 6, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation