🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > István Márton

István Márton

Organization: Wordfence

All Time Ranking

805

All Time Discoveries

About

I'm an experienced WordPress developer, with a focus on plugin development at Lana Solutions. I have spent years focusing on perfecting my skills as a developer, and have recently redirected efforts towards WordPress testing, audits, and vulnerability research. Currently, I'm a vulnerability research contractor for Wordfence and continue to defy the norms by maintaining status as the #1 Researcher in WordPress due to the volume of vulnerabilities I'm able to discover and responsibly disclose.

4 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 501-520 of 805 Vulnerabilities

WP-ShowHide <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4825

Jan 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4717

Jan 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Event Manager and Tickets Selling Plugin for WooCommerce <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-0144

Jan 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Post Grid, Post Carousel, & List Category Posts <= 2.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-0097

Jan 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Social Widget <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-0074

Jan 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

News & Blog Designer Pack <= 3.2 - Authenticated (Contributor+) Stored Cross-Site SQcripting via Shortcode

6.4

CVE-2022-4792

Jan 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CPO Companion <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4837

Jan 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Tabs <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-0071

Jan 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Posts List Designer by Category <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scriptiong via Shortcode

6.4

CVE-2022-4749

Jan 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CC Child Pages <= 1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4776

Jan 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Extended Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4649

Jan 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Custom User Profile Fields <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4831

Jan 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Widgets for Google Reviews < 9.8 - Authenticated (Contributor+) Stored XSS

6.4

CVE-2022-4470

Jan 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.4

CVE-2023-0252

Jan 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4764

Jan 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Youtube Channel Gallery <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4783

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

GigPress <= 2.3.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4759

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Video.js – HTML5 Video Player for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4786

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Video Sidebar Widgets <= 6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-4785

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Embed PDF <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4788

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP-ShowHide <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4825	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 10, 2023
Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4717	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 10, 2023
Event Manager and Tickets Selling Plugin for WooCommerce <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0144	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 10, 2023
Post Grid, Post Carousel, & List Category Posts <= 2.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0097	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
WP Social Widget <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0074	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
News & Blog Designer Pack <= 3.2 - Authenticated (Contributor+) Stored Cross-Site SQcripting via Shortcode	CVE-2022-4792	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
CPO Companion <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4837	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
WP Tabs <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0071	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
Posts List Designer by Category <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scriptiong via Shortcode	CVE-2022-4749	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
CC Child Pages <= 1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4776	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
WP Extended Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4649	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
Custom User Profile Fields <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4831	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
Widgets for Google Reviews < 9.8 - Authenticated (Contributor+) Stored XSS	CVE-2022-4470	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
Contextual Related Posts <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute	CVE-2023-0252	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4764	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
Youtube Channel Gallery <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4783	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023
GigPress <= 2.3.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4759	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023
Video.js – HTML5 Video Player for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4786	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023
Video Sidebar Widgets <= 6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4785	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023
Embed PDF <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4788	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation