🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Muhammad Daffa

Muhammad Daffa

All Time Ranking

127

All Time Discoveries

About

2 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 41-60 of 127 Vulnerabilities

Migration, Backup, Staging – WPvivid <= 0.9.70 - Authenticated Arbitrary File Read

4.9

CVE-2022-27844

Apr 7, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Paid Memberships Pro – Mailchimp Add On <= 2.3.4 - Unauthenticated Information Disclosure

5.3

CVE-2024-30523

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Albo Pretorio Online <= 4.6.6 - Unauthenticated Sensitive Information Disclosure

5.3

CVE-2024-22301

Jan 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

eCommerce Product Catalog <= 3.3.26 - Sensitive Information Exposure via CSV Files

5.3

CVE-2023-51688

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Product Catalog Simple <= 1.7.6 - Sensitive Information Exposure via Product CSV

5.3

CVE-2023-51687

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CURCY <= 2.1.25 - Missing Authorization to Currency Exchange Retrieval

5.3

CVE-2022-46796

Feb 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

MailOptin <= 1.2.49.0 - Missing Authorization to Cache Deletion

5.3

CVE-2022-36340

Sep 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.8 - Missing Authorization

5.3

CVE-2022-35726

Aug 22, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

PDF Flipbook, 3D Flipbook – DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVE-2024-0895

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

ShopEngine <= 4.1.1 - Cross-Site Request Forgery via get_product

5.4

CVE-2022-45371

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Custom Order Numbers for WooCommerce <= 1.4.0 - Cross-Site Request Forgery

5.4

CVE-2022-45367

Apr 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

WooCommerce Weight Based Shipping <= 5.4.1 - Cross-Site Request Forgery leading to Plugin Settings Changes

5.4

CVE-2022-46794

Mar 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

ShopLentor <= 2.5.1 - Cross-Site Request Forgery to Post Updates

5.4

CVE-2022-46798

Feb 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Side Cart Woocommerce (Ajax) < 2.1 - Cross-Site Request Forgery

5.4

CVE-2022-45376

Feb 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Customer Reviews for WooCommerce <= 5.3.5 - Multiple Unprotected AJAX Actions

5.4

CVE-2022-38134

Sep 22, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Customer Reviews for WooCommerce <= 5.3.5 - Cross-Site Request Forgery

5.4

CVE-2022-38470

Sep 22, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Booking Calendar <= 9.2.1 - Cross-Site Request Forgery

5.4

CVE-2022-33177

Sep 6, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting

5.5

CVE-2022-32970

Apr 18, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Custom Product Tabs for WooCommerce <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-43463

Oct 30, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Backup Guard <= 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-34148

Oct 27, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Migration, Backup, Staging – WPvivid <= 0.9.70 - Authenticated Arbitrary File Read	CVE-2022-27844	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	April 7, 2022
Paid Memberships Pro – Mailchimp Add On <= 2.3.4 - Unauthenticated Information Disclosure	CVE-2024-30523	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	March 28, 2024
Albo Pretorio Online <= 4.6.6 - Unauthenticated Sensitive Information Disclosure	CVE-2024-22301	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	January 17, 2024
eCommerce Product Catalog <= 3.3.26 - Sensitive Information Exposure via CSV Files	CVE-2023-51688	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 27, 2023
Product Catalog Simple <= 1.7.6 - Sensitive Information Exposure via Product CSV	CVE-2023-51687	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 27, 2023
CURCY <= 2.1.25 - Missing Authorization to Currency Exchange Retrieval	CVE-2022-46796	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 6, 2023
MailOptin <= 1.2.49.0 - Missing Authorization to Cache Deletion	CVE-2022-36340	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 23, 2022
Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.8 - Missing Authorization	CVE-2022-35726	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	August 22, 2022
PDF Flipbook, 3D Flipbook – DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-0895	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	February 2, 2024
ShopEngine <= 4.1.1 - Cross-Site Request Forgery via get_product	CVE-2022-45371	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	April 19, 2023
Custom Order Numbers for WooCommerce <= 1.4.0 - Cross-Site Request Forgery	CVE-2022-45367	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	April 14, 2023
WooCommerce Weight Based Shipping <= 5.4.1 - Cross-Site Request Forgery leading to Plugin Settings Changes	CVE-2022-46794	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	March 13, 2023
ShopLentor <= 2.5.1 - Cross-Site Request Forgery to Post Updates	CVE-2022-46798	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 6, 2023
Side Cart Woocommerce (Ajax) < 2.1 - Cross-Site Request Forgery	CVE-2022-45376	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 2, 2023
Customer Reviews for WooCommerce <= 5.3.5 - Multiple Unprotected AJAX Actions	CVE-2022-38134	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	September 22, 2022
Customer Reviews for WooCommerce <= 5.3.5 - Cross-Site Request Forgery	CVE-2022-38470	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	September 22, 2022
Booking Calendar <= 9.2.1 - Cross-Site Request Forgery	CVE-2022-33177	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	September 6, 2022
Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2022-32970	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 18, 2023
Custom Product Tabs for WooCommerce <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-43463	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 30, 2022
Backup Guard <= 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-34148	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 27, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation