🎁Wordfence just launched its bug bounty program. From today through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!🎁

Wordfence Intelligence > Vulnerability Researchers > Krzysztof Zając

Krzysztof Zając

All Time Ranking

194

All Time Discoveries

Showing 1-20 of 194 Vulnerabilities

Swift Performance Lite <= 2.3.6.14 - Missing Authorization to Unauthenticated Settings Export

5.3

CVE-2023-6289

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored Cross-Site Scripting via IP

7.2

CVE-2023-5653

Nov 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Webpushr <= 4.34.0 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-5620

Nov 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WordPress Backup & Migration <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2023-5738

Nov 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Backup & Migration <= 1.4.3 - Missing Authorization to Settings Update

4.3

CVE-2023-5737

Nov 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

10Web Booster <= 2.24.14 - Unauthenticated Arbitrary Option Deletion

6.5

CVE-2023-5559

Oct 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

myStickymenu <= 2.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Lead Deletion

6.3

CVE-2023-5509

Oct 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Five Star Restaurant Menu and Food Ordering <= 2.4.10 - Unauthenticated PHP Object Injection

9.8

CVE-2023-5340

Oct 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Seraphinite Accelerator <= 2.20.28 - Reflected Cross-Site Scripting via 'rt'

6.1

CVE-2023-5609

Oct 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Hotel Booking <= 2.0.7 - Unauthenticated SQL Injection

9.8

CVE-2023-5652

Oct 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Hotel Booking <= 2.0.7 - Missing Authorization to (Subscriber+) Arbitrary Post Deletion

5.3

CVE-2023-5651

Oct 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Awesome Support <= 6.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification

4.3

CVE-2023-5352

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Templately <= 2.2.5 - Improper Authorization to Arbitrary Post Deletion

6.5

CVE-2023-5454

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Qubely – Advanced Gutenberg Blocks <= 1.8.5 - Insufficient Authorization

5.3

CVE-2021-24916

Jul 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Stream <= 3.9.1 - Missing Authorization to Sensitive Information Disclosure

4.3

CVE-2022-4384

Jan 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Royal Elementor Addons <= 1.3.55 - Cross-Site Request Forgery

8.1

CVE-2022-4102

Dec 15, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Royal Elementor Addons <=1.3.55 - Authenticated (Subscriber+) Arbitrary Post Deletion

8.1

CVE-2022-4102

Dec 15, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Royal Elementor Addons <=1.3.55 - Missing Authorization to Subscriber+ Arbitrary Post Creation

6.5

CVE-2022-4103

Dec 15, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

iubenda <= 3.3.2 - Authenticated (Subscriber+) Privilege Escalation

8.8

CVE-2022-3911

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Photo Gallery <= 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2022-4058

Nov 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Swift Performance Lite <= 2.3.6.14 - Missing Authorization to Unauthenticated Settings Export	CVE-2023-6289	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 27, 2023
WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored Cross-Site Scripting via IP	CVE-2023-5653	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	November 6, 2023
Webpushr <= 4.34.0 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting	CVE-2023-5620	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	November 6, 2023
WordPress Backup & Migration <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2023-5738	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 6, 2023
WordPress Backup & Migration <= 1.4.3 - Missing Authorization to Settings Update	CVE-2023-5737	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 6, 2023
10Web Booster <= 2.24.14 - Unauthenticated Arbitrary Option Deletion	CVE-2023-5559	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	October 29, 2023
myStickymenu <= 2.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Lead Deletion	CVE-2023-5509	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	October 27, 2023
Five Star Restaurant Menu and Food Ordering <= 2.4.10 - Unauthenticated PHP Object Injection	CVE-2023-5340	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 27, 2023
Seraphinite Accelerator <= 2.20.28 - Reflected Cross-Site Scripting via 'rt'	CVE-2023-5609	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 27, 2023
WP Hotel Booking <= 2.0.7 - Unauthenticated SQL Injection	CVE-2023-5652	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 26, 2023
WP Hotel Booking <= 2.0.7 - Missing Authorization to (Subscriber+) Arbitrary Post Deletion	CVE-2023-5651	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	October 20, 2023
Awesome Support <= 6.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification	CVE-2023-5352	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	October 16, 2023
Templately <= 2.2.5 - Improper Authorization to Arbitrary Post Deletion	CVE-2023-5454	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	October 16, 2023
Qubely – Advanced Gutenberg Blocks <= 1.8.5 - Insufficient Authorization	CVE-2021-24916	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 17, 2023
Stream <= 3.9.1 - Missing Authorization to Sensitive Information Disclosure	CVE-2022-4384	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	January 16, 2023
Royal Elementor Addons <= 1.3.55 - Cross-Site Request Forgery	CVE-2022-4102	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H	December 15, 2022
Royal Elementor Addons <=1.3.55 - Authenticated (Subscriber+) Arbitrary Post Deletion	CVE-2022-4102	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	December 15, 2022
Royal Elementor Addons <=1.3.55 - Missing Authorization to Subscriber+ Arbitrary Post Creation	CVE-2022-4103	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	December 15, 2022
iubenda <= 3.3.2 - Authenticated (Subscriber+) Privilege Escalation	CVE-2022-3911	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 12, 2022
Photo Gallery <= 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2022-4058	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 28, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation