🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rafie Muhammad

Rafie Muhammad

Organization: Patchstack

All Time Ranking

420

All Time Discoveries

Showing 81-100 of 420 Vulnerabilities

HTML5 SoundCloud Player <= 2.8.0 - Authenticated (Author+) PHP Object Injection

8.8

CVE-2023-52205

Jan 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

ARI Stream Quiz <= 1.3.0 - Authenticated (Contributor+) PHP Object Injection

8.8

CVE-2023-52182

Dec 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

JVM rich text icons <= 1.2.6 - Directory Traversal to Authenticated(Subscriber+) Arbitrary File Deletion

8.8

CVE-2023-51418

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

JVM rich text icons <= 1.2.3 - Authenticated(Subscriber+) Arbitrary File Upload

8.8

CVE-2023-51417

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Verge3D <= 4.5.2 - Authenticated(Subscriber+) Arbitrary File Upload

8.8

CVE-2023-51421

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Mail Log Plugin <= 1.1.2 - Authenticated(Contributor+) Arbitrary File Upload

8.8

CVE-2023-51410

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Job Manager & Career – Manage job board listings, and recruitments <= 1.4.4 - Cross-Site Request Forgery to PHP Object Injection

8.8

CVE-2023-51545

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

TerraClassifieds <= 2.0.3 - Cross-Site Request Forgery

8.8

CVE-2023-51474

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Rencontre – Dating Site <= 3.11.1 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVE-2023-51470

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Build App Online <= 1.0.19 - Missing Authorization Authenticated(Subscriber+) Arbitrary Options Update

8.8

CVE-2023-51479

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ultimate Addons for Beaver Builder <= 1.35.14 - Authenticated(Contributor+) Privilege Escalation

8.8

CVE-2023-51398

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Uncode Core <= 2.8.8 - Privilege Escalation

8.8

CVE-2023-51515

Dec 21, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Soledad <= 8.4.1 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2023-49825

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Astra Pro <= 4.3.1 - Authenticated(Contributor+) Remote Code Execution via Metabox

8.8

CVE-2023-49830

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

JetEngine <= 3.2.4 - Authenticated (Contributor+) Privilege Escalation

8.8

CVE-2023-48757

Nov 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Githuber MD <= 1.16.2 - Authenticated (Author+) Arbitrary File Upload

8.8

CVE-2023-47846

Nov 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Thrive Theme Builder < 3.24.2 - Cross-Site Request Forgery

8.8

CVE-2023-47781

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Thrive Theme Builder < 3.24.0 - Privilege Escalation

8.8

CVE-2023-47782

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.6 - Authenticated (Subscriber+) Privilege Escalation

8.8

CVE-2023-47683

Nov 9, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP User Frontend <= 3.6.5 - Authenticated (Author+) Privilege Escalation

8.8

CVE-2023-47682

Nov 9, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
HTML5 SoundCloud Player <= 2.8.0 - Authenticated (Author+) PHP Object Injection	CVE-2023-52205	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 3, 2024
ARI Stream Quiz <= 1.3.0 - Authenticated (Contributor+) PHP Object Injection	CVE-2023-52182	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 29, 2023
JVM rich text icons <= 1.2.6 - Directory Traversal to Authenticated(Subscriber+) Arbitrary File Deletion	CVE-2023-51418	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
JVM rich text icons <= 1.2.3 - Authenticated(Subscriber+) Arbitrary File Upload	CVE-2023-51417	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Verge3D <= 4.5.2 - Authenticated(Subscriber+) Arbitrary File Upload	CVE-2023-51421	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
WP Mail Log Plugin <= 1.1.2 - Authenticated(Contributor+) Arbitrary File Upload	CVE-2023-51410	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Job Manager & Career – Manage job board listings, and recruitments <= 1.4.4 - Cross-Site Request Forgery to PHP Object Injection	CVE-2023-51545	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 27, 2023
TerraClassifieds <= 2.0.3 - Cross-Site Request Forgery	CVE-2023-51474	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 27, 2023
Rencontre – Dating Site <= 3.11.1 - Authenticated (Subscriber+) PHP Object Injection	CVE-2023-51470	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Build App Online <= 1.0.19 - Missing Authorization Authenticated(Subscriber+) Arbitrary Options Update	CVE-2023-51479	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Ultimate Addons for Beaver Builder <= 1.35.14 - Authenticated(Contributor+) Privilege Escalation	CVE-2023-51398	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 26, 2023
Uncode Core <= 2.8.8 - Privilege Escalation	CVE-2023-51515	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 21, 2023
Soledad <= 8.4.1 - Authenticated (Contributor+) SQL Injection	CVE-2023-49825	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2023
Astra Pro <= 4.3.1 - Authenticated(Contributor+) Remote Code Execution via Metabox	CVE-2023-49830	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 5, 2023
JetEngine <= 3.2.4 - Authenticated (Contributor+) Privilege Escalation	CVE-2023-48757	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 28, 2023
WP Githuber MD <= 1.16.2 - Authenticated (Author+) Arbitrary File Upload	CVE-2023-47846	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 20, 2023
Thrive Theme Builder < 3.24.2 - Cross-Site Request Forgery	CVE-2023-47781	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 14, 2023
Thrive Theme Builder < 3.24.0 - Privilege Escalation	CVE-2023-47782	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 14, 2023
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.6 - Authenticated (Subscriber+) Privilege Escalation	CVE-2023-47683	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 9, 2023
WP User Frontend <= 3.6.5 - Authenticated (Author+) Privilege Escalation	CVE-2023-47682	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 9, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation