🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rafie Muhammad

Rafie Muhammad

Organization: Patchstack

All Time Ranking

420

All Time Discoveries

Showing 101-120 of 420 Vulnerabilities

Qi Addons For Elementor <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion

8.8

CVE-2023-47679

Nov 9, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2023-46149

Oct 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVE-2023-46147

Oct 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Themify Ultra <= 7.3.5 - Privilege Escalation

8.8

CVE-2023-46145

Oct 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Nexter <= 2.0.3 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from'

8.8

CVE-2023-45657

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Simple Membership <= 4.3.4 - Account Takeover via Password Reset

8.8

CVE-2023-41956

Sep 25, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Essential Addons for Elementor <= 5.8.8 - Authenticated (Contributor+) Privilege Escalation

8.8

CVE-2023-41955

Sep 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload

8.8

CVE-2023-40204

Aug 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Avada <= 7.11.1 - Authenticated(Author+) Arbitrary File Upload via Zip Extraction

8.8

CVE-2023-39312

Aug 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Fusion Builder <= 3.11.1 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-39309

Aug 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout`

8.8

CVE-2023-35881

Aug 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

JetElements <= 2.6.10 - Authenticated (Contributor+) Remote Code Execution

8.8

CVE-2023-39157

Aug 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

JetFormBuilder <= 3.0.8 - Authenticated (Author+) Privilege Escalation

8.8

CVE-2023-37866

Jul 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVE-2023-3295

Jun 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tutor LMS <= 2.2.0 - Authenticated (Student+) SQL Injection

8.8

CVE-2023-25800

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection

8.8

CVE-2023-25990

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Contact Form Entries <= 1.3.0 - Authenticated (Contributor+) SQL Injection via shortcode

8.8

CVE-2023-31212

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

LearnDash LMS <= 4.5.3 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2023-28777

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion

8.8

CVE-2022-45374

Apr 18, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

MapPress Maps for WordPress <= 2.85.4 - Authenticated (Contributor+) SQL Injection via get_maps

8.8

CVE-2023-26015

Apr 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Qi Addons For Elementor <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion	CVE-2023-47679	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 9, 2023
Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2023-46149	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 17, 2023
Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) PHP Object Injection	CVE-2023-46147	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 17, 2023
Themify Ultra <= 7.3.5 - Privilege Escalation	CVE-2023-46145	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 17, 2023
Nexter <= 2.0.3 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from'	CVE-2023-45657	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 12, 2023
Simple Membership <= 4.3.4 - Account Takeover via Password Reset	CVE-2023-41956	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 25, 2023
Essential Addons for Elementor <= 5.8.8 - Authenticated (Contributor+) Privilege Escalation	CVE-2023-41955	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 14, 2023
Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload	CVE-2023-40204	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 28, 2023
Avada <= 7.11.1 - Authenticated(Author+) Arbitrary File Upload via Zip Extraction	CVE-2023-39312	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 10, 2023
Fusion Builder <= 3.11.1 - Authenticated (Subscriber+) SQL Injection	CVE-2023-39309	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 10, 2023
WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout`	CVE-2023-35881	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 10, 2023
JetElements <= 2.6.10 - Authenticated (Contributor+) Remote Code Execution	CVE-2023-39157	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 3, 2023
JetFormBuilder <= 3.0.8 - Authenticated (Author+) Privilege Escalation	CVE-2023-37866	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 10, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload	CVE-2023-3295	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 16, 2023
Tutor LMS <= 2.2.0 - Authenticated (Student+) SQL Injection	CVE-2023-25800	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 30, 2023
Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection	CVE-2023-25990	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 30, 2023
Contact Form Entries <= 1.3.0 - Authenticated (Contributor+) SQL Injection via shortcode	CVE-2023-31212	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 22, 2023
LearnDash LMS <= 4.5.3 - Authenticated (Contributor+) SQL Injection	CVE-2023-28777	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 22, 2023
YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion	CVE-2022-45374	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 18, 2023
MapPress Maps for WordPress <= 2.85.4 - Authenticated (Contributor+) SQL Injection via get_maps	CVE-2023-26015	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 6, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation