Wordfence Intelligence   >   Vulnerability Researchers   >   Marco Wotschka

Marco Wotschka

Organization: Wordfence

9
All Time Ranking
228
All Time Discoveries

1 Achievement

Learn more about Achievements
Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 13, 2023
Learn more Learn more about Achievements

Showing 121-140 of 228 Vulnerabilities

Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication
5.4
CVE-2022-2224
May 24, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure
5.3
CVE-2023-4723
Nov 15, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions
5.3
CVE-2023-5533
Oct 11, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user
5.3
CVE-2023-5254
Oct 11, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe
5.3
CVE-2023-4668
Sep 22, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax
5.3
CVE-2023-4645
Sep 22, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass
5.3
CVE-2023-2159
Apr 18, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure
5.3
CVE-2023-1263
Mar 7, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CHP Ads Block Detector <= 3.9.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
4.9
CVE-2023-2354
Jun 15, 2023
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal
4.9
CVE-2023-2688
May 23, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Order Tracking Pro <= 3.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.7
CVE-2023-4500
Aug 28, 2023
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update
4.7
CVE-2022-3622
Sep 27, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
WP Go Maps <= 9.0.32 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-4839
Mar 12, 2024
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Ultimate Dashboard <= 3.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-4726
Nov 13, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Hotjar <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-1259
Oct 5, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2023-4021
Sep 28, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Customer Reviews <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-4648
Sep 13, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Photospace Responsive <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-4271
Sep 12, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting
4.4
CVE-2023-4160
Aug 18, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-3996
Jul 14, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication CVE-2022-2224 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N May 24, 2022
Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure CVE-2023-4723 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N November 15, 2023
AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions CVE-2023-5533 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N October 11, 2023
AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user CVE-2023-5254 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N October 11, 2023
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe CVE-2023-4668 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N September 22, 2023
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax CVE-2023-4645 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N September 22, 2023
CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass CVE-2023-2159 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 18, 2023
CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure CVE-2023-1263 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N March 7, 2023
CHP Ads Block Detector <= 3.9.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2023-2354 4.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N June 15, 2023
WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal CVE-2023-2688 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N May 23, 2023
Order Tracking Pro <= 3.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-4500 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N August 28, 2023
Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update CVE-2022-3622 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N September 27, 2022
WP Go Maps <= 9.0.32 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-4839 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N March 12, 2024
Ultimate Dashboard <= 3.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-4726 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N November 13, 2023
Hotjar <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-1259 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N October 5, 2023
Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-4021 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 28, 2023
WP Customer Reviews <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-4648 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 13, 2023
Photospace Responsive <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-4271 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 12, 2023
WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting CVE-2023-4160 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 18, 2023
ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-3996 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 14, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation