🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rafie Muhammad

Rafie Muhammad

Organization: Patchstack

All Time Ranking

434

All Time Discoveries

Showing 321-340 of 434 Vulnerabilities

Elementor Pro <= 3.13.0 - Missing Authorization

6.3

CVE-2023-35050

Jun 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Complianz <= 6.4.5 (Premium <= 6.4.7) - Cross-Site Request Forgery

4.3

CVE-2023-34030

Jun 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting

6.1

CVE-2023-30500

Jun 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce PayPal Payments <= 2.0.4 - Cross-Site Request Forgery

4.3

CVE-2023-35917

Jun 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WPBakery Page Builder for WordPress <= 6.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-31213

Jun 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection

6.6

CVE-2023-35879

Jun 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

WooCommerce Payments <= 5.9.0 - Missing Authorization via redirect_pay_for_order_to_update_payment_method

6.5

CVE-2023-35916

Jun 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

WooCommerce Subscriptions <= 5.1.2 - Missing Authorization to Insecure Direct Object Reference

6.5

CVE-2023-35914

Jun 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

WooCommerce Square <= 3.8.1 - Missing Authorization via multiple AJAX actions

4.3

CVE-2023-35876

Jun 19, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WooCommerce Bulk Stock Management <= 2.2.33 - Cross-Site Scripting

6.1

CVE-2023-35918

Jun 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce Brands <= 1.6.49 - Cross-Site Request Forgery

4.3

CVE-2023-35880

Jun 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVE-2023-3295

Jun 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WooCommerce Stripe Payment Gateway <= 7.4.0 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Disclosure

7.5

CVE-2023-34000

Jun 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WooCommerce Stripe Payment Gateway <= 7.4.0 - Missing Authorization

6.3

CVE-2023-35049

Jun 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Premium Addons PRO <= 2.8.24 - Reflected Cross-Site Scripting

6.1

CVE-2023-34012

Jun 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce Box Office <= 1.1.51 - Missing Authorization

5.3

CVE-2023-34003

Jun 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WooCommerce Box Office <= 1.1.50 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-34004

Jun 2, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Tutor LMS <= 2.1.10 - Unauthenticated SQL Injection

9.8

CVE-2023-25700

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tutor LMS <= 2.2.0 - Authenticated (Student+) SQL Injection

8.8

CVE-2023-25800

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection

8.8

CVE-2023-25990

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Elementor Pro <= 3.13.0 - Missing Authorization	CVE-2023-35050	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	June 20, 2023
Complianz <= 6.4.5 (Premium <= 6.4.7) - Cross-Site Request Forgery	CVE-2023-34030	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 20, 2023
Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting	CVE-2023-30500	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 20, 2023
WooCommerce PayPal Payments <= 2.0.4 - Cross-Site Request Forgery	CVE-2023-35917	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 20, 2023
WPBakery Page Builder for WordPress <= 6.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-31213	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 20, 2023
WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection	CVE-2023-35879	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	June 19, 2023
WooCommerce Payments <= 5.9.0 - Missing Authorization via redirect_pay_for_order_to_update_payment_method	CVE-2023-35916	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	June 19, 2023
WooCommerce Subscriptions <= 5.1.2 - Missing Authorization to Insecure Direct Object Reference	CVE-2023-35914	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	June 19, 2023
WooCommerce Square <= 3.8.1 - Missing Authorization via multiple AJAX actions	CVE-2023-35876	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 19, 2023
WooCommerce Bulk Stock Management <= 2.2.33 - Cross-Site Scripting	CVE-2023-35918	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 19, 2023
WooCommerce Brands <= 1.6.49 - Cross-Site Request Forgery	CVE-2023-35880	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 19, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload	CVE-2023-3295	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 16, 2023
WooCommerce Stripe Payment Gateway <= 7.4.0 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Disclosure	CVE-2023-34000	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	June 13, 2023
WooCommerce Stripe Payment Gateway <= 7.4.0 - Missing Authorization	CVE-2023-35049	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	June 13, 2023
Premium Addons PRO <= 2.8.24 - Reflected Cross-Site Scripting	CVE-2023-34012	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 2, 2023
WooCommerce Box Office <= 1.1.51 - Missing Authorization	CVE-2023-34003	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	June 2, 2023
WooCommerce Box Office <= 1.1.50 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-34004	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 2, 2023
Tutor LMS <= 2.1.10 - Unauthenticated SQL Injection	CVE-2023-25700	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 30, 2023
Tutor LMS <= 2.2.0 - Authenticated (Student+) SQL Injection	CVE-2023-25800	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 30, 2023
Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection	CVE-2023-25990	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 30, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation