Justiice

105
All Time Ranking
21
All Time Discoveries

Showing 1-20 of 21 Vulnerabilities

Title CVE ID CVSS Vector Date
Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization CVE-2023-36526 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N June 27, 2023
Ajax Pagination and Infinite Scroll <= 2.0.1 - Cross-Site Request Forgery CVE-2023-34033 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 31, 2023
Quick Page/Post Redirect <= 5.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-25063 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N May 12, 2023
Wise Chat <= 3.1.3 - Cross-Site Request Forgery CVE-2023-32504 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 9, 2023
WP-CORS <= 0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-47606 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 28, 2023
WP Search Analytics <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-47587 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 28, 2023
AJAX Thumbnail Rebuild <= 1.13 - Missing Authorization CVE-2022-47604 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N April 28, 2023
Login Page Styler <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-46861 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023
Continuous announcement scroller <= 13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2022-46819 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023
WP-dTree <= 4.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2022-47423 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023
Flyzoo Chat <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-46817 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 19, 2023
Affiliate Links Lite <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-22696 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 14, 2023
PixFields <= 0.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-46844 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 30, 2023
Custom Options Plus <= 1.8.1 - Cross-Site Request Forgery via custom_options_plus_adm CVE-2023-28420 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N March 16, 2023
WP Custom Fields Search <= 1.2.34 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-47157 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N February 20, 2023
Quick Event Manager <= 9.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting CVE-2022-46863 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N February 14, 2023
Auto Affiliate Links <= 6.3 - Cross-Site Request Forgery via aalDeleteLink function CVE-2023-22689 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 2, 2023
Media Library Categories <= 1.9.9 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-47596 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N January 20, 2023
Freesoul Deactivate Plugins <= 1.9.4.0 - Information Disclosure CVE-2023-22687 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N January 13, 2023
UsersWP <= 1.2.3.9 - Authenticated (Administrator+) CSV Injection CVE-2022-47442 5.5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L December 21, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation