Wordfence Intelligence   >   Vulnerability Researchers   >   István Márton

István Márton

Organization: Wordfence

1
All Time Ranking
818
All Time Discoveries

About

I'm an experienced WordPress developer, with a focus on plugin development at Lana Solutions. I have spent years focusing on perfecting my skills as a developer, and have recently redirected efforts towards WordPress testing, audits, and vulnerability research. Currently, I'm a vulnerability research contractor for Wordfence and continue to defy the norms by maintaining status as the #1 Researcher in WordPress due to the volume of vulnerabilities I'm able to discover and responsibly disclose.

4 Achievements

Learn more about Achievements
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
April 19, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
January 17, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
November 27, 2023
Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 9, 2023
Learn more Learn more about Achievements

Showing 681-700 of 818 Vulnerabilities

Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Cross-Site Request Forgery
5.4
CVE-2023-23882
Jan 23, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Stripe Payments For WooCommerce by Checkout Plugins <= 1.4.10 - Cross-Site Request Forgery
5.4
CVE-2023-23865
Jan 23, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Amazon JS <= 0.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode
5.4
CVE-2023-0075
Jan 20, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
URL Shortener by MyThemeShop <= 1.0.16 - Missing Authorization
5.4
CVE-2023-23896
Jan 19, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Kraken.io Image Optimizer <= 2.6.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update
5.4
CVE-2023-22708
Jan 17, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Formidable Form Builder <= 5.5.4 - Cross-Site Request Forgery
5.4
CVE-2022-45806
Dec 16, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
BeRocket Plugins <= (Various Versions) - Missing Authorization
5.4
CVE-2022-45813
Dec 13, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Welcart e-Commerce <= 2.8.3 - Missing Authorization
5.4
CVE-2022-3946
Nov 21, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
WooCommerce Shipping – DPD baltic <= 1.2.54 - Missing Authorization to Arbitrary Options Deletion
5.4
CVE-2022-3999
Nov 21, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Donation Button <= 4.0.0 - Missing Authorization
5.4
CVE-2022-4004
Nov 16, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
miniOrange's Google Authenticator <= 5.6.1 - Missing Authorization to Plugin Settings Change
5.4
CVE-2022-42461
Oct 31, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure
5.4
CVE-2022-36352
Oct 27, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
WP User Control <= 1.5.3 - Insecure Password Reset Mechanism
5.3
CVE-2023-4915
Sep 12, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure
5.3
CVE-2023-4917
Sep 12, 2023
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EmbedPress <= 3.7.3 - Sensitive Information Exposure
5.3
CVE-2023-3371
Jun 26, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Download Theme <= 1.0.9 - Cross-Site Request Forgery via dtwap_download()
5.3
CVE-2022-38062
May 24, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
WP Job Portal <= 2.0.1 - Missing Authorization to Settings Modification
5.3
CVE-2022-41786
May 5, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Active Directory Integration / LDAP Integration <= 4.1.0 - Unauthenticated Information Disclosure
5.3
CVE-2023-0812
Apr 19, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Shortcodes by Angie Makes <= 3.46 - Missing Authorization
5.3
CVE-2023-23725
Apr 14, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
JustTables – WooCommerce Product Table <= 1.4.9 - Cross-Site Request Forgery via plugin_activation()
5.3
CVE-2023-23803
Mar 30, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Title CVE ID CVSS Vector Date
Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Cross-Site Request Forgery CVE-2023-23882 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L January 23, 2023
Stripe Payments For WooCommerce by Checkout Plugins <= 1.4.10 - Cross-Site Request Forgery CVE-2023-23865 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L January 23, 2023
Amazon JS <= 0.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode CVE-2023-0075 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N January 20, 2023
URL Shortener by MyThemeShop <= 1.0.16 - Missing Authorization CVE-2023-23896 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N January 19, 2023
Kraken.io Image Optimizer <= 2.6.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update CVE-2023-22708 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L January 17, 2023
Formidable Form Builder <= 5.5.4 - Cross-Site Request Forgery CVE-2022-45806 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L December 16, 2022
BeRocket Plugins <= (Various Versions) - Missing Authorization CVE-2022-45813 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N December 13, 2022
Welcart e-Commerce <= 2.8.3 - Missing Authorization CVE-2022-3946 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N November 21, 2022
WooCommerce Shipping – DPD baltic <= 1.2.54 - Missing Authorization to Arbitrary Options Deletion CVE-2022-3999 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L November 21, 2022
Donation Button <= 4.0.0 - Missing Authorization CVE-2022-4004 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N November 16, 2022
miniOrange's Google Authenticator <= 5.6.1 - Missing Authorization to Plugin Settings Change CVE-2022-42461 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N October 31, 2022
ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure CVE-2022-36352 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N October 27, 2022
WP User Control <= 1.5.3 - Insecure Password Reset Mechanism CVE-2023-4915 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N September 12, 2023
Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure CVE-2023-4917 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N September 12, 2023
EmbedPress <= 3.7.3 - Sensitive Information Exposure CVE-2023-3371 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N June 26, 2023
Download Theme <= 1.0.9 - Cross-Site Request Forgery via dtwap_download() CVE-2022-38062 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N May 24, 2023
WP Job Portal <= 2.0.1 - Missing Authorization to Settings Modification CVE-2022-41786 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 5, 2023
Active Directory Integration / LDAP Integration <= 4.1.0 - Unauthenticated Information Disclosure CVE-2023-0812 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 19, 2023
Shortcodes by Angie Makes <= 3.46 - Missing Authorization CVE-2023-23725 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 14, 2023
JustTables – WooCommerce Product Table <= 1.4.9 - Cross-Site Request Forgery via plugin_activation() CVE-2023-23803 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N March 30, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation