🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Marco Wotschka

Marco Wotschka

Organization: Wordfence

All Time Ranking

228

All Time Discoveries

1 Achievement

Learn more about Achievements

Learn more Learn more about Achievements

Showing 101-120 of 228 Vulnerabilities

Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure

5.3

CVE-2023-4723

Nov 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions

5.3

CVE-2023-5533

Oct 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user

5.3

CVE-2023-5254

Oct 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe

5.3

CVE-2023-4668

Sep 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax

5.3

CVE-2023-4645

Sep 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass

5.3

CVE-2023-2159

Apr 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure

5.3

CVE-2023-1263

Mar 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Digital Publications by Supsystic <= 1.7.6 - Cross-Site Request Forgery via AJAX action

5.4

CVE-2023-5756

Dec 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery

5.4

CVE-2023-4690

Nov 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery

5.4

CVE-2023-4689

Nov 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

GiveWP <= 2.33.3 - Cross-Site Request Forgery to Stripe Integration Deletion

5.4

CVE-2023-4248

Oct 31, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin deactivation

5.4

CVE-2023-4247

Oct 31, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion

5.4

CVE-2023-4923

Sep 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion

5.4

CVE-2023-4924

Sep 25, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion

5.4

CVE-2023-4926

Sep 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup

5.4

CVE-2023-2517

Jun 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery via AJAX action

5.4

CVE-2023-2526

May 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action

5.4

CVE-2023-2528

May 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset

5.4

CVE-2023-1866

Apr 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Settings Change

5.4

CVE-2023-1867

Apr 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Title	CVE ID	CVSS	Vector	Date
Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure	CVE-2023-4723	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 15, 2023
AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions	CVE-2023-5533	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	October 11, 2023
AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user	CVE-2023-5254	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 11, 2023
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe	CVE-2023-4668	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 22, 2023
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax	CVE-2023-4645	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 22, 2023
CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass	CVE-2023-2159	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	April 18, 2023
CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure	CVE-2023-1263	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	March 7, 2023
Digital Publications by Supsystic <= 1.7.6 - Cross-Site Request Forgery via AJAX action	CVE-2023-5756	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	December 8, 2023
Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery	CVE-2023-4690	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	November 15, 2023
Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery	CVE-2023-4689	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	November 15, 2023
GiveWP <= 2.33.3 - Cross-Site Request Forgery to Stripe Integration Deletion	CVE-2023-4248	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	October 31, 2023
GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin deactivation	CVE-2023-4247	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	October 31, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion	CVE-2023-4923	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	September 25, 2023
BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion	CVE-2023-4924	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	September 25, 2023
BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion	CVE-2023-4926	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	September 25, 2023
Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup	CVE-2023-2517	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	June 22, 2023
Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery via AJAX action	CVE-2023-2526	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	May 24, 2023
Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action	CVE-2023-2528	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	May 16, 2023
YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset	CVE-2023-1866	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	April 5, 2023
YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Settings Change	CVE-2023-1867	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	April 5, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation