🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rafie Muhammad

Rafie Muhammad

Organization: Patchstack

All Time Ranking

420

All Time Discoveries

Showing 1-20 of 420 Vulnerabilities

Loginizer <= 1.7.5 - Reflected Cross-Site Scripting via 'name'

6.1

CVE-2022-45084

May 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Download Manager <= 3.2.42 - Reflected Cross-Site Scripting

6.1

CVE-2022-1985

Jun 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update

8.8

CVE-2022-29495

Jun 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP Visitor Statistics (Real Time Traffic) <= 5.7 - Unauthenticated SQL Injection

9.8

CVE-2022-33965

Jul 6, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

GiveWP <= 2.20.2 - Authenticated Arbitrary File Creation

5.5

CVE-2022-28700

Jul 12, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

GiveWP <= 2.20.2 - Authenticated Arbitrary File Read

4.9

CVE-2022-31475

Jul 12, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Directorist <= 7.2.2 - Authenticated (Admin+) Arbitrary File Upload

7.2

CVE-2022-2046

Jul 18, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Rank Math SEO <= 1.0.95 - Server-Side Request Forgery

5.4

CVE-2022-36376

Aug 12, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

All in One SEO <= 4.2.3.1 - Cross-Site Request Forgery

8.8

CVE-2022-38093

Sep 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Sucuri Security <= 1.8.33 - Cross-Site Request Forgery

8.8

CVE-2022-29489

Sep 14, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVE-2022-38140

Oct 25, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

All in One SEO Pro <= 4.2.5.1 - Authenticated (Admin+) Server Side Request Forgery

5.5

CVE-2022-42494

Oct 28, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2022-40200

Nov 9, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery

8.8

CVE-2022-44737

Nov 22, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Download Manager <= 3.2.59 - Refleced Cross-Site Scripting

6.1

CVE-2022-45836

Nov 29, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Loginizer <= 1.7.5 - Cross-Site Request Forgery

4.3

CVE-2022-45079

Dec 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

LearnPress <= 4.1.7.3.2 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-45820

Dec 20, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

LearnPress <= 4.1.7.3.2 - Unauthenticated Local File Inclusion

9.8

CVE-2022-47615

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion

6.5

CVE-2023-23888

Jan 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

WP Statistics <= 13.2.10 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-38074

Jan 31, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Loginizer <= 1.7.5 - Reflected Cross-Site Scripting via 'name'	CVE-2022-45084	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 12, 2022
Download Manager <= 3.2.42 - Reflected Cross-Site Scripting	CVE-2022-1985	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 2, 2022
Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update	CVE-2022-29495	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 30, 2022
WP Visitor Statistics (Real Time Traffic) <= 5.7 - Unauthenticated SQL Injection	CVE-2022-33965	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 6, 2022
GiveWP <= 2.20.2 - Authenticated Arbitrary File Creation	CVE-2022-28700	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N	July 12, 2022
GiveWP <= 2.20.2 - Authenticated Arbitrary File Read	CVE-2022-31475	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	July 12, 2022
Directorist <= 7.2.2 - Authenticated (Admin+) Arbitrary File Upload	CVE-2022-2046	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 18, 2022
Rank Math SEO <= 1.0.95 - Server-Side Request Forgery	CVE-2022-36376	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	August 12, 2022
All in One SEO <= 4.2.3.1 - Cross-Site Request Forgery	CVE-2022-38093	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 5, 2022
Sucuri Security <= 1.8.33 - Cross-Site Request Forgery	CVE-2022-29489	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 14, 2022
SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload	CVE-2022-38140	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 25, 2022
All in One SEO Pro <= 4.2.5.1 - Authenticated (Admin+) Server Side Request Forgery	CVE-2022-42494	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 28, 2022
wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2022-40200	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 9, 2022
All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery	CVE-2022-44737	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 22, 2022
Download Manager <= 3.2.59 - Refleced Cross-Site Scripting	CVE-2022-45836	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 29, 2022
Loginizer <= 1.7.5 - Cross-Site Request Forgery	CVE-2022-45079	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 5, 2022
LearnPress <= 4.1.7.3.2 - Authenticated (Subscriber+) SQL Injection	CVE-2022-45820	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 20, 2022
LearnPress <= 4.1.7.3.2 - Unauthenticated Local File Inclusion	CVE-2022-47615	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 20, 2023
RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion	CVE-2023-23888	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	January 30, 2023
WP Statistics <= 13.2.10 - Authenticated (Subscriber+) SQL Injection	CVE-2022-38074	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 31, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation