🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Kunal Sharma

Kunal Sharma

All Time Ranking

All Time Discoveries

Showing 21-40 of 44 Vulnerabilities

Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields

8.1

CVE-2022-4158

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id

7.5

CVE-2022-4159

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id

6.6

CVE-2022-4154

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id

8.1

CVE-2022-4156

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post

7.5

CVE-2022-4164

Dec 5, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection

5.5

CVE-2022-4352

Dec 8, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection

5.5

CVE-2022-4351

Dec 8, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection

7.2

CVE-2022-4360

Dec 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection

7.2

CVE-2022-4355

Dec 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection

7.2

CVE-2022-4359

Dec 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection

7.2

CVE-2022-4356

Dec 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection

7.2

CVE-2022-4358

Dec 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Web Invoice <= 2.1.3 - Authenticated SQL Injection

8.8

CVE-2022-4371

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Quote-O-Matic <= 1.0.5 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-4373

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

LetsRecover <= 1.1.0 - Unauthenticated SQL Injection via AJAX action

9.8

CVE-2022-4357

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

multimedial images <= 1.0b - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-4370

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Web Invoice <= 2.1.3 - Authenticated SQL Injection

8.8

CVE-2022-4372

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Conditional Payment Methods for WooCommerce <= 1.0 - Authenticated (Admin+) SQL Injection

7.2

CVE-2022-4547

Dec 24, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Mapwiz <= 1.0.1 - Authenticated (Admin+) SQL Injection

7.2

CVE-2022-4546

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

GeoDirectory <= 2.2.23 - Authenticated (Admin+) SQL Injection

7.2

CVE-2023-0278

Jan 31, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields	CVE-2022-4158	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id	CVE-2022-4159	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id	CVE-2022-4154	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id	CVE-2022-4156	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post	CVE-2022-4164	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2022
Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection	CVE-2022-4352	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 8, 2022
Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection	CVE-2022-4351	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 8, 2022
WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection	CVE-2022-4360	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 9, 2022
LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection	CVE-2022-4355	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 9, 2022
WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection	CVE-2022-4359	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 9, 2022
LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection	CVE-2022-4356	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 9, 2022
WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection	CVE-2022-4358	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 9, 2022
Web Invoice <= 2.1.3 - Authenticated SQL Injection	CVE-2022-4371	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 12, 2022
Quote-O-Matic <= 1.0.5 - Authenticated (Administrator+) SQL Injection	CVE-2022-4373	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 12, 2022
LetsRecover <= 1.1.0 - Unauthenticated SQL Injection via AJAX action	CVE-2022-4357	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 12, 2022
multimedial images <= 1.0b - Authenticated (Administrator+) SQL Injection	CVE-2022-4370	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 12, 2022
Web Invoice <= 2.1.3 - Authenticated SQL Injection	CVE-2022-4372	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 12, 2022
Conditional Payment Methods for WooCommerce <= 1.0 - Authenticated (Admin+) SQL Injection	CVE-2022-4547	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 24, 2022
Mapwiz <= 1.0.1 - Authenticated (Admin+) SQL Injection	CVE-2022-4546	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 19, 2023
GeoDirectory <= 2.2.23 - Authenticated (Admin+) SQL Injection	CVE-2023-0278	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	January 31, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation