🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > István Márton

István Márton

Organization: Wordfence

All Time Ranking

803

All Time Discoveries

About

I'm an experienced WordPress developer, with a focus on plugin development at Lana Solutions. I have spent years focusing on perfecting my skills as a developer, and have recently redirected efforts towards WordPress testing, audits, and vulnerability research. Currently, I'm a vulnerability research contractor for Wordfence and continue to defy the norms by maintaining status as the #1 Researcher in WordPress due to the volume of vulnerabilities I'm able to discover and responsibly disclose.

4 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 101-120 of 803 Vulnerabilities

WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery

8.5

CVE-2023-3958

Aug 15, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Replyable – Subscribe to Comments and Reply by Email <= 2.2.9 - Authenticated (Subscriber+) PHP Object Injection via prompt_dismiss_notice

8.5

CVE-2022-4265

Feb 8, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Reviews and Rating – Google My Business <= 4.14 - Missing Authorization

8.3

CVE-2023-23986

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload

8.1

CVE-2023-6220

Dec 4, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AppPresser <= 4.2.5 - Insecure Password Reset Mechanism

8.1

CVE-2023-4214

Nov 16, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload

8.1

CVE-2023-5822

Nov 1, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature

8.1

CVE-2023-3325

Jun 19, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

User Email Verification for WooCommerce <= 3.5.0 - Authentication Bypass

8.1

CVE-2023-2781

Jun 2, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Feather Login Page 1.0.7 - 1.1.1 - Missing Authorization to Authentication Bypass and Privilege Escalation

8.1

CVE-2023-2545

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation

8.1

CVE-2023-2706

May 16, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 2.0 - Authenticated (Subscriber+) Local File Inclusion via Shortcode

8.1

CVE-2023-1274

Mar 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Customer Reviews for WooCommerce <= 5.15.0 - Authenticated (Subscriber+) Local File Inclusion

8.1

CVE-2023-0080

Jan 23, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

GPT AI Power <= 1.4.37 - Missing Authorization

8.1

CVE-2023-0405

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Authenticator <= 1.3.0 - Missing Authorization

8.1

CVE-2022-3994

Nov 26, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass

8.1

CVE-2022-2133

Jun 27, 2022

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Simple Single Sign On <= 4.1.1 - Insecure OAuth Implementation to Authentication Bypass

8.1

CVE-2022-2083

Jun 4, 2022

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution

8.0

CVE-2023-4141

Aug 3, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution

8.0

CVE-2023-4142

Aug 3, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Essential Real Estate <= 4.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

7.5

CVE-2023-6827

Dec 14, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload

7.5

CVE-2023-6187

Nov 16, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery	CVE-2023-3958	8.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N	August 15, 2023
Replyable – Subscribe to Comments and Reply by Email <= 2.2.9 - Authenticated (Subscriber+) PHP Object Injection via prompt_dismiss_notice	CVE-2022-4265	8.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H	February 8, 2023
Reviews and Rating – Google My Business <= 4.14 - Missing Authorization	CVE-2023-23986	8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	January 20, 2023
Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload	CVE-2023-6220	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
AppPresser <= 4.2.5 - Insecure Password Reset Mechanism	CVE-2023-4214	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	November 16, 2023
Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload	CVE-2023-5822	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	November 1, 2023
CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature	CVE-2023-3325	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	June 19, 2023
User Email Verification for WooCommerce <= 3.5.0 - Authentication Bypass	CVE-2023-2781	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	June 2, 2023
Feather Login Page 1.0.7 - 1.1.1 - Missing Authorization to Authentication Bypass and Privilege Escalation	CVE-2023-2545	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H	May 30, 2023
OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation	CVE-2023-2706	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	May 16, 2023
Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 2.0 - Authenticated (Subscriber+) Local File Inclusion via Shortcode	CVE-2023-1274	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	March 22, 2023
Customer Reviews for WooCommerce <= 5.15.0 - Authenticated (Subscriber+) Local File Inclusion	CVE-2023-0080	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	January 23, 2023
GPT AI Power <= 1.4.37 - Missing Authorization	CVE-2023-0405	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	January 19, 2023
Authenticator <= 1.3.0 - Missing Authorization	CVE-2022-3994	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	November 26, 2022
OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass	CVE-2022-2133	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	June 27, 2022
Simple Single Sign On <= 4.1.1 - Insecure OAuth Implementation to Authentication Bypass	CVE-2022-2083	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	June 4, 2022
WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution	CVE-2023-4141	8.0	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H	August 3, 2023
WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution	CVE-2023-4142	8.0	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H	August 3, 2023
Essential Real Estate <= 4.3.5 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-6827	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 14, 2023
Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-6187	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	November 16, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation