🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > István Márton

István Márton

Organization: Wordfence

All Time Ranking

803

All Time Discoveries

About

I'm an experienced WordPress developer, with a focus on plugin development at Lana Solutions. I have spent years focusing on perfecting my skills as a developer, and have recently redirected efforts towards WordPress testing, audits, and vulnerability research. Currently, I'm a vulnerability research contractor for Wordfence and continue to defy the norms by maintaining status as the #1 Researcher in WordPress due to the volume of vulnerabilities I'm able to discover and responsibly disclose.

4 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 81-100 of 803 Vulnerabilities

Page scroll to id <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-4449

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Click to Chat <= 3.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4480

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Sidebar Widgets by CodeLights <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4460

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Video Lightbox <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4465

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Seriously Simple Podcasting <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2022-4571

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Simple Membership <= 4.2.1 - Authenticated (Contributor+) Cross Site Scripting via shortcode

6.4

CVE-2022-4469

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Sassy Social Share <= 3.3.44 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-4451

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Meteor Slides <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-4486

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Insert Pages <= 3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4483

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Woo Products Widgets For Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross Site Scripting

6.4

CVE-2022-4661

Dec 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Real Testimonials <= 2.5.11 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode

6.4

CVE-2022-4648

Dec 22, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Carousel, Slider, Gallery by WP Carousel <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4482

Dec 22, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

3D FlipBook <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-4453

Dec 22, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Font Awesome <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2022-4478

Dec 22, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

ConvertKit <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4508

Dec 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Social Media Share Buttons <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2022-4544

Dec 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

RSSImport <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2022-4658

Dec 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Justified Gallery <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-4651

Dec 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Themify Portfolio Post <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4464

Dec 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Real Cookie Banner <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2022-4507

Dec 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Page scroll to id <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4449	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 21, 2022
Click to Chat <= 3.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4480	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 21, 2022
Sidebar Widgets by CodeLights <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4460	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 21, 2022
WP Video Lightbox <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4465	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 21, 2022
Seriously Simple Podcasting <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2022-4571	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 21, 2022
Simple Membership <= 4.2.1 - Authenticated (Contributor+) Cross Site Scripting via shortcode	CVE-2022-4469	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 21, 2022
Sassy Social Share <= 3.3.44 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4451	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 21, 2022
Meteor Slides <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4486	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 21, 2022
Insert Pages <= 3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4483	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 21, 2022
Woo Products Widgets For Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross Site Scripting	CVE-2022-4661	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 21, 2022
Real Testimonials <= 2.5.11 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode	CVE-2022-4648	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 22, 2022
Carousel, Slider, Gallery by WP Carousel <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4482	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 22, 2022
3D FlipBook <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4453	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 22, 2022
Font Awesome <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2022-4478	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 22, 2022
ConvertKit <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4508	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 23, 2022
Social Media Share Buttons <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2022-4544	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 23, 2022
RSSImport <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2022-4658	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 23, 2022
Justified Gallery <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4651	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 23, 2022
Themify Portfolio Post <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4464	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 23, 2022
Real Cookie Banner <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4507	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 23, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation