🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > Peng Zhou

Peng Zhou

All Time Ranking

All Time Discoveries

Showing 1-20 of 35 Vulnerabilities

Seraphinite Post .DOCX Source <= 2.16.9 - Missing Authorization

4.3

CVE-2024-38727

Jul 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Seraphinite Post .DOCX Source <= 2.16.9 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVE-2024-38728

Jul 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Olive One Click Demo Import <= 1.1.2 - Unauthenticated Information Exposure

5.3

CVE-2024-38749

Jul 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

DirectoryPress <= 3.6.10 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-38755

Jul 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Realtyna Organic IDX plugin <= 4.14.13 - Authenticated (Admin+) Arbitrary File Upload

9.1

CVE-2024-38736

Jul 11, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Import Spreadsheets from Microsoft Excel <= 10.1.4 - Authenticated (Editor+) Arbitrary File Upload

9.1

CVE-2024-38734

Jul 11, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.6 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2024-38688

Jul 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Table & Contact Form 7 Database – Tablesome <= 1.0.33 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2024-37498

Jul 4, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

FileBird Document Library <= 2.0.6 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2024-37504

Jul 4, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Church Admin <= 4.4.6 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2024-37418

Jul 4, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Newsletters <= 4.9.7 - Cross-Site Request Forgery

4.3

CVE-2024-37227

Jun 21, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Podlove Web Player <= 5.7.3 - Missing Authorization to Unauthenticated Information Exposure

5.3

CVE-2024-35710

Jun 6, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WP Fundraising Donation and Crowdfunding Platform <= 1.6.4 - Missing Authorization

5.3

CVE-2024-34758

May 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Academy LMS <= 1.9.25 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2024-35171

May 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Gutenify <= 1.4.0 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2024-35165

May 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

MC Woocommerce Wishlist <= 1.7.8 - Missing Authorization

5.3

CVE-2024-34813

May 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

ShopBuilder – Elementor WooCommerce Builder Addons <= 2.1.8 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2024-34812

May 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WP Job Manager <= 2.2.2 - Unauthenticated Information Exposure

5.3

CVE-2024-34549

May 7, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

weDocs <= 2.1.4 - Missing Authorization

5.3

CVE-2024-34442

May 7, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Robo Gallery <= 3.2.18 - Unauthenticated Information Exposure

5.3

CVE-2024-34382

May 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Seraphinite Post .DOCX Source <= 2.16.9 - Missing Authorization	CVE-2024-38727	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	July 11, 2024
Seraphinite Post .DOCX Source <= 2.16.9 - Authenticated (Subscriber+) Server-Side Request Forgery	CVE-2024-38728	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 11, 2024
Olive One Click Demo Import <= 1.1.2 - Unauthenticated Information Exposure	CVE-2024-38749	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 11, 2024
DirectoryPress <= 3.6.10 - Authenticated (Contributor+) SQL Injection	CVE-2024-38755	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	July 11, 2024
Realtyna Organic IDX plugin <= 4.14.13 - Authenticated (Admin+) Arbitrary File Upload	CVE-2024-38736	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	July 11, 2024
Import Spreadsheets from Microsoft Excel <= 10.1.4 - Authenticated (Editor+) Arbitrary File Upload	CVE-2024-38734	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	July 11, 2024
Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.6 - Unauthenticated Sensitive Information Exposure	CVE-2024-38688	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 10, 2024
Table & Contact Form 7 Database – Tablesome <= 1.0.33 - Unauthenticated Sensitive Information Exposure	CVE-2024-37498	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 4, 2024
FileBird Document Library <= 2.0.6 - Unauthenticated Sensitive Information Exposure	CVE-2024-37504	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 4, 2024
Church Admin <= 4.4.6 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-37418	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 4, 2024
Newsletters <= 4.9.7 - Cross-Site Request Forgery	CVE-2024-37227	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 21, 2024
Podlove Web Player <= 5.7.3 - Missing Authorization to Unauthenticated Information Exposure	CVE-2024-35710	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	June 6, 2024
WP Fundraising Donation and Crowdfunding Platform <= 1.6.4 - Missing Authorization	CVE-2024-34758	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 14, 2024
Academy LMS <= 1.9.25 - Unauthenticated Sensitive Information Exposure	CVE-2024-35171	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 10, 2024
Gutenify <= 1.4.0 - Unauthenticated Sensitive Information Exposure	CVE-2024-35165	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 10, 2024
MC Woocommerce Wishlist <= 1.7.8 - Missing Authorization	CVE-2024-34813	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 9, 2024
ShopBuilder – Elementor WooCommerce Builder Addons <= 2.1.8 - Unauthenticated Sensitive Information Exposure	CVE-2024-34812	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 9, 2024
WP Job Manager <= 2.2.2 - Unauthenticated Information Exposure	CVE-2024-34549	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 7, 2024
weDocs <= 2.1.4 - Missing Authorization	CVE-2024-34442	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 7, 2024
Robo Gallery <= 3.2.18 - Unauthenticated Information Exposure	CVE-2024-34382	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 3, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation