🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rafie Muhammad

Rafie Muhammad

Organization: Patchstack

All Time Ranking

392

All Time Discoveries

Showing 101-120 of 392 Vulnerabilities

TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51473

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Eazy Plugin Manager <= 4.1.2 - Missing Authorization via update_options

4.3

CVE-2023-51482

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WooPayments – Fully Integrated Solution Built and Supported by Woo <= 6.6.2 - Unauthenticated Insecure Direct Object Reference

5.3

CVE-2023-51503

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

WooCommerce Stripe Payment Gateway <= 7.6.1 - Insecure Direct Object Reference via update_payment_intent_ajax

6.5

CVE-2023-51502

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

WP MLM <= 4.0 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51475

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP MLM Unilevel <= 4.0 - Unauthenticated Privilege Escalation

9.8

CVE-2023-51476

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Frontend Profile <= 1.3.1 - Unauthenticated Privilege Escalation

9.8

CVE-2023-51483

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WebinarIgnition <= 3.05.0 - Authenticated(Subscriber+) PHP Object Injection

7.5

CVE-2023-51422

Dec 27, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

WebinarIgnition <= 3.05.0 - Unauthenticated SQL Injection

9.8

CVE-2023-51423

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WebinarIgnition <= 3.05.0 - Missing Authorization to Unauthenticated Privilege Escalation

9.8

CVE-2023-51424

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Rencontre – Dating Site <= 3.11.1 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVE-2023-51470

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WooCommerce PDF Invoices <= 4.2.1 - Authenticated(Shop Manager+) Arbitrary Options Update via JSON Import

7.2

CVE-2023-51546

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Rencontre – Dating Site <= 3.10.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51468

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8

CVE-2023-51484

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Local Delivery Drivers for WooCommerce <= 1.9.0 - Missing Authorization to Driver Account Takeover

7.3

CVE-2023-51481

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Checkout Mestres WP <= 7.1.9.6 - Unauthenticated SQL Injection

9.8

CVE-2023-51469

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Rencontre – Dating Site <= 3.10.1 - Privilege Escalation

9.8

CVE-2023-51425

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Checkout Mestres WP <= 7.1.9.6 - Missing Authorization to Unauthenticated Arbitrary Options Update

9.8

CVE-2023-51471

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Checkout Mestres WP <= 7.1.9.6 - Authentication Bypass via Password Reset

9.8

CVE-2023-51472

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Build App Online <= 1.0.19 - Account Takeover via Weak Password Reset Mechanism

9.8

CVE-2023-51478

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload	CVE-2023-51473	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Eazy Plugin Manager <= 4.1.2 - Missing Authorization via update_options	CVE-2023-51482	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 27, 2023
WooPayments – Fully Integrated Solution Built and Supported by Woo <= 6.6.2 - Unauthenticated Insecure Direct Object Reference	CVE-2023-51503	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 27, 2023
WooCommerce Stripe Payment Gateway <= 7.6.1 - Insecure Direct Object Reference via update_payment_intent_ajax	CVE-2023-51502	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	December 27, 2023
WP MLM <= 4.0 - Unauthenticated Arbitrary File Upload	CVE-2023-51475	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WP MLM Unilevel <= 4.0 - Unauthenticated Privilege Escalation	CVE-2023-51476	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WP Frontend Profile <= 1.3.1 - Unauthenticated Privilege Escalation	CVE-2023-51483	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WebinarIgnition <= 3.05.0 - Authenticated(Subscriber+) PHP Object Injection	CVE-2023-51422	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WebinarIgnition <= 3.05.0 - Unauthenticated SQL Injection	CVE-2023-51423	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WebinarIgnition <= 3.05.0 - Missing Authorization to Unauthenticated Privilege Escalation	CVE-2023-51424	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Rencontre – Dating Site <= 3.11.1 - Authenticated (Subscriber+) PHP Object Injection	CVE-2023-51470	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WooCommerce PDF Invoices <= 4.2.1 - Authenticated(Shop Manager+) Arbitrary Options Update via JSON Import	CVE-2023-51546	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Rencontre – Dating Site <= 3.10.1 - Unauthenticated Arbitrary File Upload	CVE-2023-51468	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Login as User or Customer (User Switching) <= 3.8 - Authentication Bypass	CVE-2023-51484	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Local Delivery Drivers for WooCommerce <= 1.9.0 - Missing Authorization to Driver Account Takeover	CVE-2023-51481	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	December 27, 2023
Checkout Mestres WP <= 7.1.9.6 - Unauthenticated SQL Injection	CVE-2023-51469	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Rencontre – Dating Site <= 3.10.1 - Privilege Escalation	CVE-2023-51425	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Checkout Mestres WP <= 7.1.9.6 - Missing Authorization to Unauthenticated Arbitrary Options Update	CVE-2023-51471	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Checkout Mestres WP <= 7.1.9.6 - Authentication Bypass via Password Reset	CVE-2023-51472	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Build App Online <= 1.0.19 - Account Takeover via Weak Password Reset Mechanism	CVE-2023-51478	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation