🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Krzysztof Zając

Krzysztof Zając

Organization: CERT PL

All Time Ranking

361

All Time Discoveries

About

Finding WordPress vulnerabilities using https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html

8 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 241-260 of 361 Vulnerabilities

ARI Fancy Lightbox <= 1.3.8 - Reflected Cross-Site Scripting

6.1

CVE-2022-0161

Feb 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Page Builder KingComposer <= 2.9.6 - Open Redirect

8.8

CVE-2022-0165

Feb 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting

6.1

CVE-2022-0230

Feb 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Advanced Product Labels for WooCommerce <= 1.2.3.6 - Reflected Cross-Site Scripting

6.1

CVE-2022-0399

Feb 15, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Photo Gallery by 10Web <= 1.5.87 - Unauthenticated SQL Injection via bwg_tag_id_bwg_thumbnails_0 Parameter

9.8

CVE-2022-0169

Feb 15, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Cerber Security <= 8.9.5.2 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-0429

Feb 14, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Smart Forms < 2.6.71 - Missing Authorization to Sensitive Information Disclosure

6.5

CVE-2022-0163

Feb 14, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

LoginPress <= 1.5.11 - Reflected Cross-Site Scripting via redirect-page Parameter

6.1

CVE-2022-0347

Feb 14, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Video Conferencing with Zoom <= 3.8.16 - E-mail Address Disclosure

4.3

CVE-2022-0384

Feb 14, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

WP Visitor Statistics (Real Time Traffic) <= 5.5 - SQL Injection

8.8

CVE-2022-0410

Feb 14, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Email Subscribers & Newsletters <= 5.3.1 - Authenticated (or Cross-Site Request Forgery) Blind SQL Injection

8.8

CVE-2022-0439

Feb 11, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ditty (formerly Ditty News Ticker) <= 3.0.14 - Reflected Cross-Site Scripting

6.1

CVE-2022-0533

Feb 9, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Anti-Malware Security and Brute-Force Firewall <= 4.21.74 - Reflected Cross-Site Scripting

6.1

CVE-2022-2599

Feb 8, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

White Label MS <= 2.2.8 - Reflected Cross-Site Scripting

6.1

CVE-2022-0422

Feb 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent < 2.14.2 - Cross-Site Request Forgery

6.5

CVE-2022-0445

Feb 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

NotificationX <= 2.3.8 - Blind SQL Injection

9.8

CVE-2022-0349

Feb 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product Feed PRO for WooCommerce <= 11.2.1 - Reflected Cross-Site Scripting

6.1

CVE-2022-0426

Feb 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Easy Pricing Tables <= 3.1.2 - Arbitrary Post Removal via Cross-Site Request Forgery

6.5

CVE-2021-25098

Feb 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Page Views Count Plugin <= 2.4.14 - Unauthenticated SQL Injection

9.8

CVE-2022-0434

Feb 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Migration, Backup, Staging – WPvivid <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting

6.1

CVE-2021-24994

Jan 31, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
ARI Fancy Lightbox <= 1.3.8 - Reflected Cross-Site Scripting	CVE-2022-0161	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 17, 2022
Page Builder KingComposer <= 2.9.6 - Open Redirect	CVE-2022-0165	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	February 16, 2022
Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-0230	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 16, 2022
Advanced Product Labels for WooCommerce <= 1.2.3.6 - Reflected Cross-Site Scripting	CVE-2022-0399	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 15, 2022
Photo Gallery by 10Web <= 1.5.87 - Unauthenticated SQL Injection via bwg_tag_id_bwg_thumbnails_0 Parameter	CVE-2022-0169	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 15, 2022
WP Cerber Security <= 8.9.5.2 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-0429	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	February 14, 2022
Smart Forms < 2.6.71 - Missing Authorization to Sensitive Information Disclosure	CVE-2022-0163	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	February 14, 2022
LoginPress <= 1.5.11 - Reflected Cross-Site Scripting via redirect-page Parameter	CVE-2022-0347	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 14, 2022
Video Conferencing with Zoom <= 3.8.16 - E-mail Address Disclosure	CVE-2022-0384	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	February 14, 2022
WP Visitor Statistics (Real Time Traffic) <= 5.5 - SQL Injection	CVE-2022-0410	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 14, 2022
Email Subscribers & Newsletters <= 5.3.1 - Authenticated (or Cross-Site Request Forgery) Blind SQL Injection	CVE-2022-0439	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 11, 2022
Ditty (formerly Ditty News Ticker) <= 3.0.14 - Reflected Cross-Site Scripting	CVE-2022-0533	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 9, 2022
Anti-Malware Security and Brute-Force Firewall <= 4.21.74 - Reflected Cross-Site Scripting	CVE-2022-2599	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 8, 2022
White Label MS <= 2.2.8 - Reflected Cross-Site Scripting	CVE-2022-0422	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 7, 2022
WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent < 2.14.2 - Cross-Site Request Forgery	CVE-2022-0445	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	February 7, 2022
NotificationX <= 2.3.8 - Blind SQL Injection	CVE-2022-0349	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 2, 2022
Product Feed PRO for WooCommerce <= 11.2.1 - Reflected Cross-Site Scripting	CVE-2022-0426	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 1, 2022
Easy Pricing Tables <= 3.1.2 - Arbitrary Post Removal via Cross-Site Request Forgery	CVE-2021-25098	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	February 1, 2022
Page Views Count Plugin <= 2.4.14 - Unauthenticated SQL Injection	CVE-2022-0434	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 1, 2022
Migration, Backup, Staging – WPvivid <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting	CVE-2021-24994	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 31, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation