Wordfence Intelligence   >   Vulnerability Researchers   >   István Márton

István Márton

Organization: Wordfence

1
All Time Ranking
803
All Time Discoveries

About

I'm an experienced WordPress developer, with a focus on plugin development at Lana Solutions. I have spent years focusing on perfecting my skills as a developer, and have recently redirected efforts towards WordPress testing, audits, and vulnerability research. Currently, I'm a vulnerability research contractor for Wordfence and continue to defy the norms by maintaining status as the #1 Researcher in WordPress due to the volume of vulnerabilities I'm able to discover and responsibly disclose.

4 Achievements

Learn more about Achievements
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
April 19, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
January 17, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
November 27, 2023
Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 9, 2023
Learn more Learn more about Achievements

Showing 21-40 of 803 Vulnerabilities

myCred <= 2.5 - Cross-Site Request Forgery
4.3
CVE-2023-35096
Jun 14, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WPC Smart Wishlist for WooCommerce <= 4.7.1 - Cross-Site Request Forgery via wishlist_add and wishlist_remove
4.3
CVE-2023-34386
Jun 3, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Kebo Twitter Feed <= 1.5.12 - Cross-Site Request Forgery via kebo_twitter_menu_render
4.3
CVE-2023-34384
Jun 3, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WP Hide Post <= 2.0.10 - Cross-Site Request Forgery via save_bulk_edit_data
4.3
CVE-2023-34378
Jun 3, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Constant Contact Forms <= 1.14.0 - Missing Authorization via constant_contact_optin_ajax_handler
4.3
CVE-2023-34387
Jun 3, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Social Media & Share Icons <= 2.8.1 - Missing Authorization via handle_installation
4.3
CVE-2023-34009
Jun 2, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Download Plugin <= 2.0.4 - Cross-Site Request Forgery
4.3
CVE-2022-36345
May 24, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Groundhogg <= 2.7.9.8 - Missing Authorization to Update License
4.3
CVE-2023-2714
May 19, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation
4.3
CVE-2023-2715
May 19, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WP Reactions Lite <= 1.3.8 - Cross-Site Request Forgery via AJAX action
4.3
CVE-2023-32587
May 12, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Soundcloud Is Gold <= 2.5.1 - Missing Authorization to Soundcloud User Add
4.3
CVE-2023-32586
May 11, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons
4.3
CVE-2023-32579
May 11, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WP Job Portal <= 2.0.1 - Cross-Site Request Forgery to Settings Modification
4.3
CVE ID Unknown
May 5, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Record Deletion
4.3
CVE-2023-0766
May 2, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API
4.3
CVE-2023-2275
Apr 26, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Pearl <= 1.3.4 - Cross-Site Request Forgery via stm_save_hb_settings
4.3
CVE-2022-38356
Apr 19, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
GDPR Compliance & Cookie Consent <= 1.2 - Cross-Site Request Forgery
4.3
CVE-2022-45815
Apr 19, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
BadgeOS <= 3.7.1.6 - Cross-Site Request Forgery
4.3
CVE-2022-41987
Apr 18, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WP Docs <= 1.9.8 - Cross-Site Request Forgery to folder management
4.3
CVE-2023-30873
Apr 18, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Zendesk Support for WordPress <= 1.8.4 - Cross-Site Request Forgery
4.3
CVE-2023-23716
Apr 18, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Title CVE ID CVSS Vector Date
myCred <= 2.5 - Cross-Site Request Forgery CVE-2023-35096 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 14, 2023
WPC Smart Wishlist for WooCommerce <= 4.7.1 - Cross-Site Request Forgery via wishlist_add and wishlist_remove CVE-2023-34386 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 3, 2023
Kebo Twitter Feed <= 1.5.12 - Cross-Site Request Forgery via kebo_twitter_menu_render CVE-2023-34384 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 3, 2023
WP Hide Post <= 2.0.10 - Cross-Site Request Forgery via save_bulk_edit_data CVE-2023-34378 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N June 3, 2023
Constant Contact Forms <= 1.14.0 - Missing Authorization via constant_contact_optin_ajax_handler CVE-2023-34387 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N June 3, 2023
Social Media & Share Icons <= 2.8.1 - Missing Authorization via handle_installation CVE-2023-34009 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N June 2, 2023
Download Plugin <= 2.0.4 - Cross-Site Request Forgery CVE-2022-36345 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 24, 2023
Groundhogg <= 2.7.9.8 - Missing Authorization to Update License CVE-2023-2714 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N May 19, 2023
Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation CVE-2023-2715 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N May 19, 2023
WP Reactions Lite <= 1.3.8 - Cross-Site Request Forgery via AJAX action CVE-2023-32587 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 12, 2023
Soundcloud Is Gold <= 2.5.1 - Missing Authorization to Soundcloud User Add CVE-2023-32586 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N May 11, 2023
Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons CVE-2023-32579 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N May 11, 2023
WP Job Portal <= 2.0.1 - Cross-Site Request Forgery to Settings Modification 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 5, 2023
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Record Deletion CVE-2023-0766 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 2, 2023
WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API CVE-2023-2275 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L April 26, 2023
Pearl <= 1.3.4 - Cross-Site Request Forgery via stm_save_hb_settings CVE-2022-38356 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 19, 2023
GDPR Compliance & Cookie Consent <= 1.2 - Cross-Site Request Forgery CVE-2022-45815 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 19, 2023
BadgeOS <= 3.7.1.6 - Cross-Site Request Forgery CVE-2022-41987 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 18, 2023
WP Docs <= 1.9.8 - Cross-Site Request Forgery to folder management CVE-2023-30873 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 18, 2023
Zendesk Support for WordPress <= 1.8.4 - Cross-Site Request Forgery CVE-2023-23716 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 18, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation