🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Nex Team

Nex Team

186

All Time Ranking

All Time Discoveries

About

We're a team of experienced bug hunters.

3 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

10 Vulnerabilities

Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode

8.8

CVE-2023-6967

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Pods - Custom Content Types and Fields - Missing Authorization

4.3

CVE-2023-6965

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution

8.8

CVE-2023-6999

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Go Maps (formerly WP Google Maps) <= 9.0.28 - Reflected Cross-Site Scripting

6.1

CVE-2023-6697

Jan 23, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images

4.3

CVE-2023-6742

Jan 8, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

ElementsKit Lite <= 3.0.3 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2023-6582

Jan 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields

6.4

CVE-2023-6781

Jan 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

PageLayer <= 1.7.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields

5.4

CVE-2023-6738

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Enable Media Replace <= 4.1.4 - Reflected Cross-Site Scripting

4.7

CVE-2023-6737

Dec 18, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

9.8

CVE-2023-6553

Dec 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode	CVE-2023-6967	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 28, 2024
Pods - Custom Content Types and Fields - Missing Authorization	CVE-2023-6965	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	March 28, 2024
Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution	CVE-2023-6999	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 28, 2024
WP Go Maps (formerly WP Google Maps) <= 9.0.28 - Reflected Cross-Site Scripting	CVE-2023-6697	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 23, 2024
Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images	CVE-2023-6742	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 8, 2024
ElementsKit Lite <= 3.0.3 - Unauthenticated Sensitive Information Exposure	CVE-2023-6582	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	January 8, 2024
Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields	CVE-2023-6781	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2024
PageLayer <= 1.7.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields	CVE-2023-6738	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	January 3, 2024
Enable Media Replace <= 4.1.4 - Reflected Cross-Site Scripting	CVE-2023-6737	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N	December 18, 2023
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution	CVE-2023-6553	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 11, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation