🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Krzysztof Zając

Krzysztof Zając

Organization: CERT PL

All Time Ranking

361

All Time Discoveries

About

Finding WordPress vulnerabilities using https://kazet.cc/2022/02/03/fuzzing-wordpress-plugins.html

8 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 101-120 of 361 Vulnerabilities

Page Builder Sandwich – Front End WordPress Page Builder Plugin <= 5.1.0 - Sensitive Information Exposure

6.5

CVE-2024-1381

Mar 4, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Wp Social Login and Register Social Counter <= 3.0.0 - Missing Authorization to Unauthenticated Social Login/Share Status Update

6.5

CVE-2024-1763

Feb 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Link Library <= 7.6 - Unauthenticated Stored Cross-Site Scripting

6.5

CVE-2024-1559

Feb 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Order Delivery Date for WP e-Commerce <= 1.2 - Unauthenticated Stored Cross-Site Scripting

6.5

CVE-2024-0678

Jan 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation

6.5

CVE-2023-6985

Jan 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

easy.jobs <= 2.4.6 - Missing Authorization to Settings Update

6.5

CVE-2023-6843

Jan 21, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

10Web Booster <= 2.24.14 - Unauthenticated Arbitrary Option Deletion

6.5

CVE-2023-5559

Oct 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Templately <= 2.2.5 - Improper Authorization to Arbitrary Post Deletion

6.5

CVE-2023-5454

Oct 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Royal Elementor Addons <=1.3.55 - Missing Authorization to Subscriber+ Arbitrary Post Creation

6.5

CVE-2022-4103

Dec 15, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization

6.5

CVE-2022-0363

Mar 29, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Material Design for Contact Form 7 <= 2.6.4 - Missing Authorization to Arbitrary Settings Update

6.5

CVE-2022-0404

Mar 11, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Smart Forms < 2.6.71 - Missing Authorization to Sensitive Information Disclosure

6.5

CVE-2022-0163

Feb 14, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent < 2.14.2 - Cross-Site Request Forgery

6.5

CVE-2022-0445

Feb 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Easy Pricing Tables <= 3.1.2 - Arbitrary Post Removal via Cross-Site Request Forgery

6.5

CVE-2021-25098

Feb 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

WP Google Map <= 1.8.3 - Arbitrary Post Deletion and Plugin Settings Update via Cross-Site Request Forgery

6.5

CVE-2021-25081

Jan 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Ultimate Product Catalog – WordPress Catalog Plugin <= 5.0.25 - Cross-Site Request Forgery

6.5

CVE-2021-24993

Jan 6, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Rearrange Woocommerce Products <= 3.0.7 - Subscriber+ SQL Injection

6.5

CVE-2021-24928

Jan 5, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

NextScripts: Social Networks Auto-Poster <= 4.3.24 - Arbitrary Post Deletion via Cross-Site Request Forgery

6.5

CVE-2021-25072

Jan 3, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Accept Donations with PayPal <= 1.3.3 - Arbitrary Post Deletion via Cross-Site Request Forgery

6.5

CVE-2021-24989

Dec 9, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Like Button Rating <= 2.6.37 - Unauthorised Vote Export to Email & IP Addresses Disclosure

6.5

CVE-2021-24945

Nov 11, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Page Builder Sandwich – Front End WordPress Page Builder Plugin <= 5.1.0 - Sensitive Information Exposure	CVE-2024-1381	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	March 4, 2024
Wp Social Login and Register Social Counter <= 3.0.0 - Missing Authorization to Unauthenticated Social Login/Share Status Update	CVE-2024-1763	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	February 29, 2024
Link Library <= 7.6 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-1559	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	February 19, 2024
Order Delivery Date for WP e-Commerce <= 1.2 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-0678	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	January 29, 2024
10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation	CVE-2023-6985	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	January 25, 2024
easy.jobs <= 2.4.6 - Missing Authorization to Settings Update	CVE-2023-6843	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	January 21, 2024
10Web Booster <= 2.24.14 - Unauthenticated Arbitrary Option Deletion	CVE-2023-5559	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	October 29, 2023
Templately <= 2.2.5 - Improper Authorization to Arbitrary Post Deletion	CVE-2023-5454	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	October 16, 2023
Royal Elementor Addons <=1.3.55 - Missing Authorization to Subscriber+ Arbitrary Post Creation	CVE-2022-4103	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	December 15, 2022
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization	CVE-2022-0363	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	March 29, 2022
Material Design for Contact Form 7 <= 2.6.4 - Missing Authorization to Arbitrary Settings Update	CVE-2022-0404	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	March 11, 2022
Smart Forms < 2.6.71 - Missing Authorization to Sensitive Information Disclosure	CVE-2022-0163	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	February 14, 2022
WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent < 2.14.2 - Cross-Site Request Forgery	CVE-2022-0445	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	February 7, 2022
Easy Pricing Tables <= 3.1.2 - Arbitrary Post Removal via Cross-Site Request Forgery	CVE-2021-25098	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	February 1, 2022
WP Google Map <= 1.8.3 - Arbitrary Post Deletion and Plugin Settings Update via Cross-Site Request Forgery	CVE-2021-25081	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	January 27, 2022
Ultimate Product Catalog – WordPress Catalog Plugin <= 5.0.25 - Cross-Site Request Forgery	CVE-2021-24993	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	January 6, 2022
Rearrange Woocommerce Products <= 3.0.7 - Subscriber+ SQL Injection	CVE-2021-24928	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	January 5, 2022
NextScripts: Social Networks Auto-Poster <= 4.3.24 - Arbitrary Post Deletion via Cross-Site Request Forgery	CVE-2021-25072	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	January 3, 2022
Accept Donations with PayPal <= 1.3.3 - Arbitrary Post Deletion via Cross-Site Request Forgery	CVE-2021-24989	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	December 9, 2021
Like Button Rating <= 2.6.37 - Unauthorised Vote Export to Email & IP Addresses Disclosure	CVE-2021-24945	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	November 11, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation