Wordfence Intelligence   >   Vulnerability Researchers   >   Krzysztof Zając

Krzysztof Zając

Organization: CERT PL

3
All Time Ranking
361
All Time Discoveries

About

Finding WordPress vulnerabilities using https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html

8 Achievements

Learn more about Achievements
Submitted 100 Vulnerabilities
Submitted 100 Vulnerabilities
April 22, 2024
Submitted 75 Vulnerabilities
Submitted 75 Vulnerabilities
April 4, 2024
Submitted 50 Vulnerabilities
Submitted 50 Vulnerabilities
March 19, 2024
Submitted 25 Vulnerabilities
Submitted 25 Vulnerabilities
February 27, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
February 9, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
January 23, 2024
1337 Vulnerability Researcher
1337 Vulnerability Researcher
January 2, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
January 2, 2024
Learn more Learn more about Achievements

Showing 21-40 of 361 Vulnerabilities

PublishPress Capabilities <= 2.3 - Unauthenticated Arbitrary Options Update
9.8
CVE-2021-25032
Dec 8, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Modern Events Calendar Lite <= 6.1.4 - Unauthenticated Blind SQL Injection via time Parameter
9.8
CVE-2021-24946
Nov 15, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secure Copy Content Protection and Content Locking <= 2.8.1 - Unauthenticated SQL Injection
9.8
CVE-2021-24931
Nov 8, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Registrations for the Events Calendar <= 2.7.5 - Unauthenticated SQL Injection
9.8
CVE-2021-24943
Nov 8, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WP Compress – Image Optimizer [All-In-One] <= 6.10.33 - Unauthenticated Directory Traversal via css
9.1
CVE-2023-6699
Jan 3, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution
8.8
CVE-2024-3750
May 15, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2024-2831
Apr 29, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode
8.8
CVE-2024-3293
Apr 22, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-3211
Apr 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-0608
Mar 28, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2024-1990
Mar 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Easy Property Listings <= 3.5.2 - Authenticated(Contributor+) SQL Injection via Shortcode
8.8
CVE-2024-1893
Mar 21, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2024-2342
Mar 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-2341
Mar 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.8.6 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2024-1799
Mar 19, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation
8.8
CVE-2024-1991
Mar 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.2 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-1795
Mar 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-1203
Feb 27, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-0594
Feb 9, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.15 - Authenticated (Subscriber+) Arbitrary File Upload
8.8
CVE-2023-5931
Nov 29, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
PublishPress Capabilities <= 2.3 - Unauthenticated Arbitrary Options Update CVE-2021-25032 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 8, 2021
Modern Events Calendar Lite <= 6.1.4 - Unauthenticated Blind SQL Injection via time Parameter CVE-2021-24946 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 15, 2021
Secure Copy Content Protection and Content Locking <= 2.8.1 - Unauthenticated SQL Injection CVE-2021-24931 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 8, 2021
Registrations for the Events Calendar <= 2.7.5 - Unauthenticated SQL Injection CVE-2021-24943 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 8, 2021
WP Compress – Image Optimizer [All-In-One] <= 6.10.33 - Unauthenticated Directory Traversal via css CVE-2023-6699 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N January 3, 2024
Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution CVE-2024-3750 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H May 15, 2024
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-2831 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 29, 2024
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode CVE-2024-3293 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 22, 2024
Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection CVE-2024-3211 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 11, 2024
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Authenticated (Subscriber+) SQL Injection CVE-2024-0608 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 28, 2024
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-1990 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 26, 2024
Easy Property Listings <= 3.5.2 - Authenticated(Contributor+) SQL Injection via Shortcode CVE-2024-1893 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 21, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-2342 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 20, 2024
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL Injection CVE-2024-2341 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 20, 2024
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.8.6 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-1799 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 19, 2024
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation CVE-2024-1991 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 14, 2024
HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.2 - Authenticated (Contributor+) SQL Injection CVE-2024-1795 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 14, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection CVE-2024-1203 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 27, 2024
Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection CVE-2024-0594 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 9, 2024
rtMedia for WordPress, BuddyPress and bbPress <= 4.6.15 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2023-5931 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 29, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation