🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Krzysztof Zając

Krzysztof Zając

Organization: CERT PL

All Time Ranking

361

All Time Discoveries

About

Finding WordPress vulnerabilities using https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html

8 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 1-20 of 361 Vulnerabilities

WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Open Redirect via css

4.3

CVE-2023-6812

May 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory Traversal

4.3

CVE-2024-3546

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

eRoom – Zoom Meetings & Webinar <= 1.4.18 - Missing Authorization to Information Exposure

4.3

CVE-2024-3275

Apr 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Easy Appointments <= 3.11.18 - Insufficient Authorization

4.3

CVE-2024-2844

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Video Conferencing with Zoom <= 4.4.5 - Sensitive Information Exposure

4.3

CVE-2024-2033

Mar 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3

CVE-2023-6257

Mar 21, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts

4.3

CVE-2024-1904

Mar 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.6.20 - Cross-Site Request Forgery to Plugin Data Reset

4.3

CVE-2024-1760

Mar 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Complianz – GDPR/CCPA Cookie Consent <= 6.5.6 - Cross-Site Request Forgery to Data Request Deletion

4.3

CVE-2024-1592

Mar 1, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Easy PayPal & Stripe Buy Now Button <= 1.8.3 & Contact Form 7 – PayPal & Stripe Add-on <= 2.1 - Cross-Site Request Forgery to Settings Update

4.3

CVE-2024-1719

Feb 27, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk

4.3

CVE-2024-1642

Feb 27, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

SMS Alert Order Notifications – WooCommerce <= 3.6.9 - Cross-Site Request Forgery

4.3

CVE-2024-1489

Feb 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via wpas_get_users()

4.3

CVE-2024-0595

Feb 9, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

WP Customer Area <= 8.2.1 - Insecure Direct Object Reference to Address Modification

4.3

CVE-2023-6741

Jan 10, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Customer Area <= 8.2.0 - Insecure Direct Object Reference to Account Address Disclosure

4.3

CVE-2023-6824

Jan 10, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Contact Form 7 Connector <= 1.2.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

4.3

CVE-2024-0239

Jan 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion

4.3

CVE-2023-6980

Jan 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Missing Authorization to Blog Data Export

4.3

CVE-2023-5905

Dec 21, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Ultimate Responsive Image Slider <= 3.5.11 - Missing Authorization via AJAX action

4.3

CVE-2023-6077

Nov 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Word Balloon <= 4.20.2 - Cross-Site Request Forgery

4.3

CVE-2023-5884

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Open Redirect via css	CVE-2023-6812	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 13, 2024
WordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory Traversal	CVE-2024-3546	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	April 22, 2024
eRoom – Zoom Meetings & Webinar <= 1.4.18 - Missing Authorization to Information Exposure	CVE-2024-3275	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	April 12, 2024
Easy Appointments <= 3.11.18 - Insufficient Authorization	CVE-2024-2844	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	March 28, 2024
Video Conferencing with Zoom <= 4.4.5 - Sensitive Information Exposure	CVE-2024-2033	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	March 22, 2024
Inline Related Posts <= 3.5.0 - Information Exposure	CVE-2023-6257	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	March 21, 2024
MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts	CVE-2024-1904	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	March 15, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.6.20 - Cross-Site Request Forgery to Plugin Data Reset	CVE-2024-1760	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 5, 2024
Complianz – GDPR/CCPA Cookie Consent <= 6.5.6 - Cross-Site Request Forgery to Data Request Deletion	CVE-2024-1592	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	March 1, 2024
Easy PayPal & Stripe Buy Now Button <= 1.8.3 & Contact Form 7 – PayPal & Stripe Add-on <= 2.1 - Cross-Site Request Forgery to Settings Update	CVE-2024-1719	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 27, 2024
MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk	CVE-2024-1642	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	February 27, 2024
SMS Alert Order Notifications – WooCommerce <= 3.6.9 - Cross-Site Request Forgery	CVE-2024-1489	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 26, 2024
Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via wpas_get_users()	CVE-2024-0595	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	February 9, 2024
WP Customer Area <= 8.2.1 - Insecure Direct Object Reference to Address Modification	CVE-2023-6741	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 10, 2024
WP Customer Area <= 8.2.0 - Insecure Direct Object Reference to Account Address Disclosure	CVE-2023-6824	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	January 10, 2024
Contact Form 7 Connector <= 1.2.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting	CVE-2024-0239	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 10, 2024
WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion	CVE-2023-6980	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 2, 2024
DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Missing Authorization to Blog Data Export	CVE-2023-5905	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	December 21, 2023
Ultimate Responsive Image Slider <= 3.5.11 - Missing Authorization via AJAX action	CVE-2023-6077	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	November 16, 2023
Word Balloon <= 4.20.2 - Cross-Site Request Forgery	CVE-2023-5884	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 13, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation