🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rafie Muhammad

Rafie Muhammad

Organization: Patchstack

All Time Ranking

434

All Time Discoveries

Showing 121-140 of 434 Vulnerabilities

Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection

8.8

CVE-2023-25990

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Contact Form Entries <= 1.3.0 - Authenticated (Contributor+) SQL Injection via shortcode

8.8

CVE-2023-31212

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

LearnDash LMS <= 4.5.3 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2023-28777

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion

8.8

CVE-2022-45374

Apr 18, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

MapPress Maps for WordPress <= 2.85.4 - Authenticated (Contributor+) SQL Injection via get_maps

8.8

CVE-2023-26015

Apr 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

OceanWP <= 3.4.1 - Authenticated (Subscriber+) Local File Inclusion

8.8

CVE-2023-23700

Feb 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Plugin for Google Reviews <= 2.2.3 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-44580

Feb 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Statistics <= 13.2.10 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-38074

Jan 31, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

LearnPress <= 4.1.7.3.2 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-45820

Dec 20, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery

8.8

CVE-2022-44737

Nov 22, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2022-40200

Nov 9, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVE-2022-38140

Oct 25, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Sucuri Security <= 1.8.33 - Cross-Site Request Forgery

8.8

CVE-2022-29489

Sep 14, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

All in One SEO <= 4.2.3.1 - Cross-Site Request Forgery

8.8

CVE-2022-38093

Sep 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update

8.8

CVE-2022-29495

Jun 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Avada <= 7.11.1 - Authenticated(Contributor+) Server Side Request Forgery via 'ajax_import_options'

8.5

CVE-2023-39313

Aug 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in import_wpforms

8.5

CVE-2023-36679

Jul 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Essential Grid <= 3.0.18 - Missing Authorization

8.3

CVE-2023-47771

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Thrive Theme Builder < 3.24.0 - Missing Authorization

8.3

CVE-2023-47783

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization

8.3

CVE-2023-38385

Aug 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Title	CVE ID	CVSS	Vector	Date
Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection	CVE-2023-25990	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 30, 2023
Contact Form Entries <= 1.3.0 - Authenticated (Contributor+) SQL Injection via shortcode	CVE-2023-31212	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 22, 2023
LearnDash LMS <= 4.5.3 - Authenticated (Contributor+) SQL Injection	CVE-2023-28777	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 22, 2023
YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion	CVE-2022-45374	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 18, 2023
MapPress Maps for WordPress <= 2.85.4 - Authenticated (Contributor+) SQL Injection via get_maps	CVE-2023-26015	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 6, 2023
OceanWP <= 3.4.1 - Authenticated (Subscriber+) Local File Inclusion	CVE-2023-23700	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 27, 2023
Plugin for Google Reviews <= 2.2.3 - Authenticated (Subscriber+) SQL Injection	CVE-2022-44580	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 8, 2023
WP Statistics <= 13.2.10 - Authenticated (Subscriber+) SQL Injection	CVE-2022-38074	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 31, 2023
LearnPress <= 4.1.7.3.2 - Authenticated (Subscriber+) SQL Injection	CVE-2022-45820	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 20, 2022
All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery	CVE-2022-44737	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 22, 2022
wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2022-40200	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 9, 2022
SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload	CVE-2022-38140	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 25, 2022
Sucuri Security <= 1.8.33 - Cross-Site Request Forgery	CVE-2022-29489	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 14, 2022
All in One SEO <= 4.2.3.1 - Cross-Site Request Forgery	CVE-2022-38093	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 5, 2022
Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update	CVE-2022-29495	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2022
Avada <= 7.11.1 - Authenticated(Contributor+) Server Side Request Forgery via 'ajax_import_options'	CVE-2023-39313	8.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N	August 10, 2023
Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in import_wpforms	CVE-2023-36679	8.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N	July 14, 2023
Essential Grid <= 3.0.18 - Missing Authorization	CVE-2023-47771	8.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L	November 14, 2023
Thrive Theme Builder < 3.24.0 - Missing Authorization	CVE-2023-47783	8.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L	November 14, 2023
JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization	CVE-2023-38385	8.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L	August 13, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation