🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rafie Muhammad

Rafie Muhammad

Organization: Patchstack

All Time Ranking

434

All Time Discoveries

Showing 381-400 of 434 Vulnerabilities

Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated SQL Injection via userToken

9.8

CVE-2023-52215

Jan 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Taggbox <= 3.1 - Unauthenticated PHP Object Injection

9.8

CVE-2023-52225

Jan 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WooCommerce Tranzila Gateway <= 1.0.8 - Unauthenticated PHP Object Injection

9.8

CVE-2023-52218

Jan 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Theme per user <= 1.0.1 - Unauthenticated PHP Object Injection

9.8

CVE-2023-52181

Dec 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Frontend Admin by DynamiApps Plugin <= 3.18.3 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51411

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

BERTHA AI Plugin <= 1.11.10.7 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51419

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Piotnet Forms Plugin <= 1.0.28 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51412

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51473

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP MLM <= 4.0 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51475

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP MLM Unilevel <= 4.0 - Unauthenticated Privilege Escalation

9.8

CVE-2023-51476

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Frontend Profile <= 1.3.1 - Unauthenticated Privilege Escalation

9.8

CVE-2023-51483

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WebinarIgnition <= 3.05.0 - Unauthenticated SQL Injection

9.8

CVE-2023-51423

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WebinarIgnition <= 3.05.0 - Missing Authorization to Unauthenticated Privilege Escalation

9.8

CVE-2023-51424

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Rencontre – Dating Site <= 3.10.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51468

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8

CVE-2023-51484

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Checkout Mestres WP <= 7.1.9.6 - Unauthenticated SQL Injection

9.8

CVE-2023-51469

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Rencontre – Dating Site <= 3.10.1 - Privilege Escalation

9.8

CVE-2023-51425

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Checkout Mestres WP <= 7.1.9.6 - Missing Authorization to Unauthenticated Arbitrary Options Update

9.8

CVE-2023-51471

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Checkout Mestres WP <= 7.1.9.6 - Authentication Bypass via Password Reset

9.8

CVE-2023-51472

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Build App Online <= 1.0.19 - Account Takeover via Weak Password Reset Mechanism

9.8

CVE-2023-51478

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated SQL Injection via userToken	CVE-2023-52215	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 8, 2024
Taggbox <= 3.1 - Unauthenticated PHP Object Injection	CVE-2023-52225	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 5, 2024
WooCommerce Tranzila Gateway <= 1.0.8 - Unauthenticated PHP Object Injection	CVE-2023-52218	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 5, 2024
Theme per user <= 1.0.1 - Unauthenticated PHP Object Injection	CVE-2023-52181	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 29, 2023
Frontend Admin by DynamiApps Plugin <= 3.18.3 - Unauthenticated Arbitrary File Upload	CVE-2023-51411	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
BERTHA AI Plugin <= 1.11.10.7 - Unauthenticated Arbitrary File Upload	CVE-2023-51419	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Piotnet Forms Plugin <= 1.0.28 - Unauthenticated Arbitrary File Upload	CVE-2023-51412	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload	CVE-2023-51473	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WP MLM <= 4.0 - Unauthenticated Arbitrary File Upload	CVE-2023-51475	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WP MLM Unilevel <= 4.0 - Unauthenticated Privilege Escalation	CVE-2023-51476	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WP Frontend Profile <= 1.3.1 - Unauthenticated Privilege Escalation	CVE-2023-51483	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WebinarIgnition <= 3.05.0 - Unauthenticated SQL Injection	CVE-2023-51423	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WebinarIgnition <= 3.05.0 - Missing Authorization to Unauthenticated Privilege Escalation	CVE-2023-51424	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Rencontre – Dating Site <= 3.10.1 - Unauthenticated Arbitrary File Upload	CVE-2023-51468	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Login as User or Customer (User Switching) <= 3.8 - Authentication Bypass	CVE-2023-51484	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Checkout Mestres WP <= 7.1.9.6 - Unauthenticated SQL Injection	CVE-2023-51469	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Rencontre – Dating Site <= 3.10.1 - Privilege Escalation	CVE-2023-51425	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Checkout Mestres WP <= 7.1.9.6 - Missing Authorization to Unauthenticated Arbitrary Options Update	CVE-2023-51471	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Checkout Mestres WP <= 7.1.9.6 - Authentication Bypass via Password Reset	CVE-2023-51472	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Build App Online <= 1.0.19 - Account Takeover via Weak Password Reset Mechanism	CVE-2023-51478	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation