Rafie Muhammad

Organization: Patchstack

2
All Time Ranking
348
All Time Discoveries

Showing 1-20 of 348 Vulnerabilities

Title CVE ID CVSS Vector Date
Calculated Fields Form <= 1.2.54 - Reflected Cross-Site Scripting CVE-2024-29759 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Shortlinks by Pretty Links <= 3.6.2 - Reflected Cross-Site Scripting via post_status CVE-2024-29770 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Advanced Access Manager <= 6.9.20 - Reflected Cross-Site Scripting CVE-2024-29127 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 20, 2024
Permalink Manager Lite <= 2.4.3 - Reflected Cross-Site Scripting CVE-2024-29092 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 15, 2024
WP Armour – Honeypot Anti Spam <= 2.1.13 - Reflected Cross-Site Scripting CVE-2024-29091 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 15, 2024
GiveWP <= 3.3.1 - Reflected Cross-Site Scripting CVE-2024-27987 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 15, 2024
Automatic <= 3.92.0 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery CVE-2024-27954 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 13, 2024
Automatic <= 3.92.0 - Cross-Site Request Forgery to Privilege Escalation CVE-2024-27955 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H March 13, 2024
Automatic <= 3.92.0 - Unauthenticated SQL Injection CVE-2024-27956 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 13, 2024
Premmerce Permalink Manager for WooCommerce <= 2.3.10 - Unauthenticated Local File Inclusion CVE-2024-27971 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 13, 2024
Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload CVE-2024-27957 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 13, 2024
LiteSpeed Cache <= 5.7 - Unauthenticated Stored Cross-Site Scripting via 'nameservers' and '_msg' CVE-2023-40000 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N February 27, 2024
Brooklyn <= 4.9.7.6 - Reflected Cross-Site Scripting CVE-2024-24927 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N February 9, 2024
Brooklyn <= 4.9.7.6 - PHP Object Injection CVE-2024-24926 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H February 9, 2024
WooCommerce Box Office <= 1.2.2 - Missing Authorization CVE-2024-24799 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N January 31, 2024
WooCommerce Subscriptions < 5.8.0 - Missing Authorization CVE-2023-50850 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N January 17, 2024
ARMember <= 4.0.22 - Cross-Site Request Forgery CVE-2023-52200 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L January 11, 2024
AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload CVE-2023-51409 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 9, 2024
Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated SQL Injection via userToken CVE-2023-52215 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 8, 2024
Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated Arbitrary File Upload via uploadFile CVE-2023-52221 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 8, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation