Matt Barry

Title	CVE ID	CVSS	Vector	Date
Manage WP Worker <= 4.9.2 - Authentication Bypass		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 11, 2020
Email Subscribers & Newsletters < 4.3.1 - Unauthenticated Blind SQL Injection	CVE-2019-20361	8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	November 13, 2019
SyntaxHighlighter Evolved < 3.5.1 - Stored Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	October 21, 2019
GiveWP <= 2.5.4 - Authorization Bypass	CVE-2019-20360	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	September 26, 2019
WordPress Core < 4.9.7 - Authenticated Arbitrary File Deletion	CVE-2018-12895	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 5, 2018
Captcha 4.3.6 - 4.4.4 - Plugin Backdoor		9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	December 19, 2017
Appointments <= 2.2.1 - Unauthenticated PHP Object Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 2, 2017
Flickr Gallery <= 1.5.2 - Unauthenticated PHP Object Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 2, 2017
Autoptimize <= 2.1.0 - Unauthenticated Local File Inclusion		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 19, 2017
Subscribe2 – Form, Email Subscribers & Newsletters <= 10.15 - Stored Cross-Site Scripting	CVE-2014-6604	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 1, 2014

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation