🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Muhammad Daffa

Muhammad Daffa

All Time Ranking

127

All Time Discoveries

About

2 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 81-100 of 127 Vulnerabilities

Albo Pretorio Online <= 4.6.6 - Unauthenticated Sensitive Information Disclosure

5.3

CVE-2024-22301

Jan 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Product Catalog Simple <= 1.7.6 - Sensitive Information Exposure via Product CSV

5.3

CVE-2023-51687

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

eCommerce Product Catalog <= 3.3.26 - Sensitive Information Exposure via CSV Files

5.3

CVE-2023-51688

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CURCY <= 2.1.25 - Missing Authorization to Currency Exchange Retrieval

5.3

CVE-2022-46796

Feb 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

MailOptin <= 1.2.49.0 - Missing Authorization to Cache Deletion

5.3

CVE-2022-36340

Sep 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.8 - Missing Authorization

5.3

CVE-2022-35726

Aug 22, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Migration, Backup, Staging – WPvivid <= 0.9.70 - Authenticated Arbitrary File Read

4.9

CVE-2022-27844

Apr 7, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Quick Call Button <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

4.4

CVE-2023-47829

Nov 16, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Cookie Bar <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-49836

Oct 24, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

4.4

CVE-2022-47137

Apr 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Table Builder – WordPress Table Plugin <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2022-46852

Feb 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 - Authenticated (Admin+) Cross Site Scripting (XSS)

4.4

CVE-2022-47170

Jan 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Event Tickets and Registration <= 5.8.1 - Missing Authorization

4.3

CVE-2024-1053

Feb 21, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing Authorization

4.3

CVE-2024-1092

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Table of Contents Plus <= 2302 - Cross-Site Request Forgery

4.3

CVE-2023-44473

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Royal Elementor Addons <= 1.3.75 - Cross-Site Request Forgery

4.3

CVE-2022-47175

Aug 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification

4.3

CVE-2023-25989

Jul 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Visibility Logic for Elementor <= 2.3.4 - Cross-Site Request Forgery via toggle_option

4.3

CVE-2022-47169

Jul 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WooLentor <= 2.6.2 - Cross-Site Request Forgery via process_data

4.3

CVE-2022-47172

Jul 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Enhanced Text Widget <= 1.5.8 - Missing Authorization

4.3

CVE-2023-23823

Jun 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Albo Pretorio Online <= 4.6.6 - Unauthenticated Sensitive Information Disclosure	CVE-2024-22301	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	January 17, 2024
Product Catalog Simple <= 1.7.6 - Sensitive Information Exposure via Product CSV	CVE-2023-51687	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 27, 2023
eCommerce Product Catalog <= 3.3.26 - Sensitive Information Exposure via CSV Files	CVE-2023-51688	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 27, 2023
CURCY <= 2.1.25 - Missing Authorization to Currency Exchange Retrieval	CVE-2022-46796	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 6, 2023
MailOptin <= 1.2.49.0 - Missing Authorization to Cache Deletion	CVE-2022-36340	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 23, 2022
Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.8 - Missing Authorization	CVE-2022-35726	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	August 22, 2022
Migration, Backup, Staging – WPvivid <= 0.9.70 - Authenticated Arbitrary File Read	CVE-2022-27844	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	April 7, 2022
Quick Call Button <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	CVE-2023-47829	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	November 16, 2023
Cookie Bar <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting	CVE-2023-49836	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	October 24, 2023
Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	CVE-2022-47137	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 19, 2023
WP Table Builder – WordPress Table Plugin <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-46852	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 20, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 - Authenticated (Admin+) Cross Site Scripting (XSS)	CVE-2022-47170	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 27, 2023
Event Tickets and Registration <= 5.8.1 - Missing Authorization	CVE-2024-1053	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	February 21, 2024
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing Authorization	CVE-2024-1092	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	February 2, 2024
Table of Contents Plus <= 2302 - Cross-Site Request Forgery	CVE-2023-44473	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 29, 2023
Royal Elementor Addons <= 1.3.75 - Cross-Site Request Forgery	CVE-2022-47175	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	August 22, 2023
Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification	CVE-2023-25989	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 26, 2023
Visibility Logic for Elementor <= 2.3.4 - Cross-Site Request Forgery via toggle_option	CVE-2022-47169	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 5, 2023
WooLentor <= 2.6.2 - Cross-Site Request Forgery via process_data	CVE-2022-47172	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 5, 2023
Enhanced Text Widget <= 1.5.8 - Missing Authorization	CVE-2023-23823	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 30, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation