Wordfence Intelligence   >   Vulnerability Researchers   >   István Márton

István Márton

Organization: Wordfence

1
All Time Ranking
803
All Time Discoveries

About

I'm an experienced WordPress developer, with a focus on plugin development at Lana Solutions. I have spent years focusing on perfecting my skills as a developer, and have recently redirected efforts towards WordPress testing, audits, and vulnerability research. Currently, I'm a vulnerability research contractor for Wordfence and continue to defy the norms by maintaining status as the #1 Researcher in WordPress due to the volume of vulnerabilities I'm able to discover and responsibly disclose.

4 Achievements

Learn more about Achievements
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
April 19, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
January 17, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
November 27, 2023
Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 9, 2023
Learn more Learn more about Achievements

Showing 21-40 of 803 Vulnerabilities

MStore API <= 3.9.0 - Authentication Bypass
9.8
CVE-2023-2733
May 17, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
RegistrationMagic <= 5.2.1.0 - Authentication Bypass
9.8
CVE-2023-2499
May 15, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change
9.8
CVE-2023-2276
May 3, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ZM Ajax Login & Register <= 2.0.2 - Authentication Bypass
9.8
CVE-2023-2027
Apr 14, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism
9.8
CVE-2023-2297
Feb 13, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
User Verification <= 1.0.93 - Privilege Escalation
9.8
CVE-2022-4693
Dec 28, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WP OAuth Server <= 3.0.4 - Authentication Bypass
9.8
CVE-2022-34149
Aug 2, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ads by datafeedr.com <= 1.1.3 - Unauthenticated (Limited) Remote Code Execution
9.0
CVE-2023-5843
Oct 30, 2023
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
News Announcement Scroll <= 9.0.0 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2023-5663
Mar 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Digits <= 8.4.1 - Cross-Site Request Forgery to Privilege Escalation
8.8
CVE-2024-0203
Feb 22, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update
8.8
CVE-2023-6878
Dec 15, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection
8.8
CVE-2023-2497
Nov 21, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation
8.8
CVE-2023-6009
Nov 21, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation
8.8
CVE-2023-2440
Nov 21, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
WD WidgetTwitter <= 1.0.9 - Authenticated (Contributor+) SQL Injection via Shortcode
8.8
CVE-2023-5709
Nov 6, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Jquery accordion slideshow <= 8.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
8.8
CVE-2023-5464
Oct 30, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Popup with fancybox <= 3.5 - Authenticated (Subscriber+) SQL Injection via Shortcode
8.8
CVE-2023-5465
Oct 30, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Wp anything slider <= 9.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
8.8
CVE-2023-5466
Oct 30, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Wp photo text slider 50 <= 8.0 - Authenticated (Subscriber+) SQL Injection via Shortcode
8.8
CVE-2023-5439
Oct 30, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
wp image slideshow <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode
8.8
CVE-2023-5438
Oct 30, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
MStore API <= 3.9.0 - Authentication Bypass CVE-2023-2733 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 17, 2023
RegistrationMagic <= 5.2.1.0 - Authentication Bypass CVE-2023-2499 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 15, 2023
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change CVE-2023-2276 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 3, 2023
ZM Ajax Login & Register <= 2.0.2 - Authentication Bypass CVE-2023-2027 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 14, 2023
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism CVE-2023-2297 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 13, 2023
User Verification <= 1.0.93 - Privilege Escalation CVE-2022-4693 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 28, 2022
WP OAuth Server <= 3.0.4 - Authentication Bypass CVE-2022-34149 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H August 2, 2022
Ads by datafeedr.com <= 1.1.3 - Unauthenticated (Limited) Remote Code Execution CVE-2023-5843 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H October 30, 2023
News Announcement Scroll <= 9.0.0 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2023-5663 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 11, 2024
Digits <= 8.4.1 - Cross-Site Request Forgery to Privilege Escalation CVE-2024-0203 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H February 22, 2024
Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update CVE-2023-6878 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 15, 2023
UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection CVE-2023-2497 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H November 21, 2023
UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation CVE-2023-6009 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 21, 2023
UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation CVE-2023-2440 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H November 21, 2023
WD WidgetTwitter <= 1.0.9 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2023-5709 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 6, 2023
Jquery accordion slideshow <= 8.1 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2023-5464 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 30, 2023
Popup with fancybox <= 3.5 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2023-5465 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 30, 2023
Wp anything slider <= 9.1 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2023-5466 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 30, 2023
Wp photo text slider 50 <= 8.0 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2023-5439 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 30, 2023
wp image slideshow <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode CVE-2023-5438 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 30, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation