🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rafie Muhammad

Rafie Muhammad

Organization: Patchstack

All Time Ranking

434

All Time Discoveries

Showing 301-320 of 434 Vulnerabilities

Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting

6.1

CVE-2023-30500

Jun 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce Bulk Stock Management <= 2.2.33 - Cross-Site Scripting

6.1

CVE-2023-35918

Jun 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Premium Addons PRO <= 2.8.24 - Reflected Cross-Site Scripting

6.1

CVE-2023-34012

Jun 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce Product Vendors <= 2.1.76 - Reflected Cross-Site Scripting

6.1

CVE-2023-33332

May 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce Follow-Up Emails <= 4.9.40 - Reflected Cross-Site Scripting

6.1

CVE-2023-33319

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Duplicator Pro <= 4.5.11 - Reflected Cross-Site Scripting

6.1

CVE-2023-33309

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Rank Math SEO PRO <= 3.0.35 - Reflected Cross-Site Scripting

6.1

CVE-2023-32800

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

UpdraftPlus <= 1.23.3 - Cross-Site Request Forgery to Cross-Site Scripting via action_authenticate_storage

6.1

CVE-2023-32960

May 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Easy Forms for Mailchimp <= 6.8.8 - Reflected Cross-Site Scripting via 'sql_error'

6.1

CVE-2023-23900

May 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Chaty <= 3.0.9 - Reflected Cross-Site Scripting

6.1

CVE-2023-25019

May 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Essential Addons for Elementor Pro <= 5.4.8 - Reflected Cross-Site Scripting

6.1

CVE-2023-32241

May 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce Composite Products <= 8.7.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-32801

May 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_add

6.1

CVE-2023-33333

May 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting

6.1

CVE-2022-45366

May 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Yoast SEO: Local <= 14.8 - Reflected Cross-Site Scripting

6.1

CVE-2023-32300

May 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Advanced Custom Fields (Free and Pro) 5.8.10 to 5.12.5 & 6.0.0 to 6.1.5 - Reflected Cross-Site Scripting via 'post_status'

6.1

CVE-2023-30777

May 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Flatsome <= 3.16.8 - Reflected Cross-Site Scripting in UX Builder

6.1

CVE-2023-28994

Apr 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Betheme <= 26.7.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-29101

Apr 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The7 <= 11.6.0 - Reflected Cross-Site Scripting

6.1

CVE-2023-29100

Apr 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SEO Plugin by Squirrly SEO <= 12.1.20 - Reflected Cross-Site Scripting via 'page' and 'tab'

6.1

CVE-2022-45065

Mar 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting	CVE-2023-30500	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 20, 2023
WooCommerce Bulk Stock Management <= 2.2.33 - Cross-Site Scripting	CVE-2023-35918	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 19, 2023
Premium Addons PRO <= 2.8.24 - Reflected Cross-Site Scripting	CVE-2023-34012	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 2, 2023
WooCommerce Product Vendors <= 2.1.76 - Reflected Cross-Site Scripting	CVE-2023-33332	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 24, 2023
WooCommerce Follow-Up Emails <= 4.9.40 - Reflected Cross-Site Scripting	CVE-2023-33319	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 22, 2023
Duplicator Pro <= 4.5.11 - Reflected Cross-Site Scripting	CVE-2023-33309	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 22, 2023
Rank Math SEO PRO <= 3.0.35 - Reflected Cross-Site Scripting	CVE-2023-32800	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 22, 2023
UpdraftPlus <= 1.23.3 - Cross-Site Request Forgery to Cross-Site Scripting via action_authenticate_storage	CVE-2023-32960	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 18, 2023
Easy Forms for Mailchimp <= 6.8.8 - Reflected Cross-Site Scripting via 'sql_error'	CVE-2023-23900	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 17, 2023
Chaty <= 3.0.9 - Reflected Cross-Site Scripting	CVE-2023-25019	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 16, 2023
Essential Addons for Elementor Pro <= 5.4.8 - Reflected Cross-Site Scripting	CVE-2023-32241	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 15, 2023
WooCommerce Composite Products <= 8.7.5 - Reflected Cross-Site Scripting	CVE-2023-32801	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 15, 2023
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_add	CVE-2023-33333	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 12, 2023
Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting	CVE-2022-45366	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 11, 2023
Yoast SEO: Local <= 14.8 - Reflected Cross-Site Scripting	CVE-2023-32300	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 9, 2023
Advanced Custom Fields (Free and Pro) 5.8.10 to 5.12.5 & 6.0.0 to 6.1.5 - Reflected Cross-Site Scripting via 'post_status'	CVE-2023-30777	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 4, 2023
Flatsome <= 3.16.8 - Reflected Cross-Site Scripting in UX Builder	CVE-2023-28994	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 25, 2023
Betheme <= 26.7.5 - Reflected Cross-Site Scripting	CVE-2023-29101	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 13, 2023
The7 <= 11.6.0 - Reflected Cross-Site Scripting	CVE-2023-29100	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 6, 2023
SEO Plugin by Squirrly SEO <= 12.1.20 - Reflected Cross-Site Scripting via 'page' and 'tab'	CVE-2022-45065	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 17, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation