Muhammad Daffa

19
All Time Ranking
120
All Time Discoveries

About

:)

Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
March 12, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
February 2, 2024

Showing 41-60 of 120 Vulnerabilities

Title CVE ID CVSS Vector Date
Funnel Builder for WordPress by FunnelKit <= 2.14.3 - Authenticated(Administrator+) SQL Injection CVE-2023-50856 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H December 21, 2023
E2Pdf <= 1.20.23 - Authenticated(Administrator+) SQL Injection CVE-2023-50849 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H December 21, 2023
BookIt <= 2.4.3 - Authenticated(Administrator+) SQL Injection CVE-2023-50852 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H December 21, 2023
Advanced Form Integration <= 1.75.0 - Authenticated(Administrator+) SQL Injection CVE-2023-50853 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H December 21, 2023
ICS Calendar <= 10.12.0.1 - Authenticated(Contributor+) Directory Traversal via _url_get_contents CVE-2023-46784 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N October 23, 2023
Shariff Wrapper <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-0966 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 12, 2024
3D FlipBook – PDF Flipbook WordPress <= 1.15.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks CVE-2024-1081 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 20, 2024
Responsive Pricing Table <= 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-46855 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 7, 2023
Visualizer <= 3.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting CVE-2022-46848 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 6, 2023
Charitable – Donation Plugin <= 1.6.50 - Authenticated Stored Cross-Site Scripting CVE-2021-24531 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 21, 2021
Health Check & Troubleshooting <= 1.5.1 - Cross-Site Request Forgery via health_check_troubleshoot_get_captures CVE-2022-47161 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L March 31, 2023
WooCommerce - Store Exporter <= 2.7.2 - Reflected Cross-Site Scripting via 'filter' CVE-2023-46822 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N October 29, 2023
YellowPencil Visual CSS Style Editor <= 7.5.8 - Reflected Cross-Site Scripting liveLink CVE-2022-33961 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 18, 2023
Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2022-32970 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N April 18, 2023
Custom Product Tabs for WooCommerce <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-43463 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N October 30, 2022
Backup Guard <= 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-34148 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N October 27, 2022
Advanced Ads – Ad Manager & AdSense <= 1.31.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-32776 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N September 28, 2022
Search Exclude <= 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2022-36282 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N August 22, 2022
MaxButtons <= 9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-38703 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N August 2, 2022
Modern Events Calendar Lite <= 6.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-27848 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N April 14, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation