🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rafshanzani Suhada

Rafshanzani Suhada

All Time Ranking

All Time Discoveries

2 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 1-20 of 93 Vulnerabilities

Simple File List <= 6.1.9 - Unauthenticated Arbitrary File Deletion

9.1

CVE-2023-44227

Sep 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Form Builder <= 1.9.9.0 - Unauthenticated CSV Injection

8.3

CVE-2023-23796

Jun 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

GiveWP <= 2.25.1 - Unauthenticated CSV Injection

8.3

CVE-2023-22719

Mar 8, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Backup Migration <= 1.3.6 - Unauthenticated Arbitrary File Download to Sensitive Information Exposure

7.5

CVE-2023-6266

Nov 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

YaySMTP – Simple WP SMTP Mail <= 2.2 - Sensitive Information Disclosure

7.5

CVE-2022-2369

Jul 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Master Addons for Elementor <= 2.0.5.3 - Missing Authorization

7.3

CVE-2023-40679

Aug 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-34179

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Arigato Autoresponder and Newsletter <= 2.7.1 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-25020

Feb 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Simple Payment Donations <= 4.2.0 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-2565

Aug 10, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Fluent Support <= 1.5.7 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-2559

Aug 2, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery

7.1

CVE-2023-24419

Feb 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Pods <= 2.9.10.2 - Cross-Site Request Forgery

7.1

CVE-2023-23790

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection

6.6

CVE-2023-23991

Jan 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Contact Form builder with drag & drop - Kali Forms <= 2.3.28 - Missing Authorization via get_log

6.5

CVE-2023-45275

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Email download link <= 3.7 - Unauthenticated Sensitive Information Exposure

6.5

CVE-2023-36523

Jun 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Form Builder <= 1.9.9.0 - Cross-Site Request Forgery

6.5

CVE-2023-23795

Jun 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Shariff Wrapper <= 4.6.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-6500

Mar 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting

6.4

CVE-2023-6645

Dec 15, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

BP Better Messages <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

6.4

CVE-2023-49168

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Aparat <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-48770

Nov 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Simple File List <= 6.1.9 - Unauthenticated Arbitrary File Deletion	CVE-2023-44227	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	September 28, 2023
Form Builder <= 1.9.9.0 - Unauthenticated CSV Injection	CVE-2023-23796	8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	June 28, 2023
GiveWP <= 2.25.1 - Unauthenticated CSV Injection	CVE-2023-22719	8.3	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H	March 8, 2023
Backup Migration <= 1.3.6 - Unauthenticated Arbitrary File Download to Sensitive Information Exposure	CVE-2023-6266	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	November 30, 2023
YaySMTP – Simple WP SMTP Mail <= 2.2 - Sensitive Information Disclosure	CVE-2022-2369	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 11, 2022
Master Addons for Elementor <= 2.0.5.3 - Missing Authorization	CVE-2023-40679	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	August 22, 2023
Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection	CVE-2023-34179	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 30, 2023
Arigato Autoresponder and Newsletter <= 2.7.1 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-25020	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	February 6, 2023
Simple Payment Donations <= 4.2.0 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-2565	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 10, 2022
Fluent Support <= 1.5.7 - Authenticated (Administrator+) SQL Injection	CVE-2022-2559	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 2, 2022
Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery	CVE-2023-24419	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L	February 1, 2023
Pods <= 2.9.10.2 - Cross-Site Request Forgery	CVE-2023-23790	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L	January 20, 2023
Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection	CVE-2023-23991	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	January 20, 2023
Contact Form builder with drag & drop - Kali Forms <= 2.3.28 - Missing Authorization via get_log	CVE-2023-45275	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	October 6, 2023
Email download link <= 3.7 - Unauthenticated Sensitive Information Exposure	CVE-2023-36523	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	June 27, 2023
Form Builder <= 1.9.9.0 - Cross-Site Request Forgery	CVE-2023-23795	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	June 19, 2023
Shariff Wrapper <= 4.6.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-6500	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 12, 2024
Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting	CVE-2023-6645	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 15, 2023
BP Better Messages <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2023-49168	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 29, 2023
Aparat <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-48770	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 28, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation