🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Ram

Ram

Organization: Wordfence

All Time Ranking

149

All Time Discoveries

1 Achievement

Learn more about Achievements

Learn more Learn more about Achievements

Showing 81-100 of 149 Vulnerabilities

Contact Form 7 Datepicker <= 2.6.0 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2020-11516

Apr 2, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode

6.5

CVE-2023-0688

Jun 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode

6.5

CVE-2023-0693

Jun 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode

6.5

CVE-2023-0694

Jun 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_action

6.5

CVE-2023-2280

May 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification

6.5

CVE-2022-1656

May 18, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion

6.5

CVE-2022-1658

May 18, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation

6.5

CVE-2021-4333

Sep 11, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

WordPress Download Manager <= 3.1.24 - Cross-Site Scripting

6.5

CVE-2021-34638

Jul 29, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Newsletter <= 6.8.1 - Reflected Cross-Site Scripting

6.5

CVE-2020-35933

Aug 3, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

MapPress Maps for WordPress <=2.53.8 - Authenticated Map Creation/Deletion to Stored Cross-Site Scripting & Remote Code Execution

6.5

CVE-2020-12077

Apr 1, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gutenberg Template Library & Redux Framework <= 4.2.1 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion

7.1

CVE-2021-38312

Sep 1, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting

7.1

CVE ID Unknown

Jul 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Brizy Page Builder <= 2.3.11 - Incorrect Authorization Checks Allowing Post Modification

7.1

CVE-2021-38345

Oct 13, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification

7.1

CVE-2020-11510

Apr 19, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-0992

Apr 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-4712

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP Lead Plus X <= 0.98 - Stored Cross-Site Scripting

7.2

CVE-2020-11509

Apr 7, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

7.3

CVE ID Unknown

Mar 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization

7.3

CVE ID Unknown

Apr 21, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Title	CVE ID	CVSS	Vector	Date
Contact Form 7 Datepicker <= 2.6.0 - Authenticated Stored Cross-Site Scripting	CVE-2020-11516	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 2, 2020
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode	CVE-2023-0688	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode	CVE-2023-0693	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode	CVE-2023-0694	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	June 8, 2023
WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_action	CVE-2023-2280	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	May 2, 2023
JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification	CVE-2022-1656	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	May 18, 2022
Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion	CVE-2022-1658	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	May 18, 2022
WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation	CVE-2021-4333	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	September 11, 2021
WordPress Download Manager <= 3.1.24 - Cross-Site Scripting	CVE-2021-34638	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	July 29, 2021
Newsletter <= 6.8.1 - Reflected Cross-Site Scripting	CVE-2020-35933	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L	August 3, 2020
MapPress Maps for WordPress <=2.53.8 - Authenticated Map Creation/Deletion to Stored Cross-Site Scripting & Remote Code Execution	CVE-2020-12077	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L	April 1, 2020
Gutenberg Template Library & Redux Framework <= 4.2.1 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion	CVE-2021-38312	7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L	September 1, 2021
Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	July 21, 2021
Brizy Page Builder <= 2.3.11 - Incorrect Authorization Checks Allowing Post Modification	CVE-2021-38345	7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L	October 13, 2020
LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification	CVE-2020-11510	7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H	April 19, 2020
Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-0992	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 25, 2023
WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-4712	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 19, 2023
WP Lead Plus X <= 0.98 - Stored Cross-Site Scripting	CVE-2020-11509	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 7, 2020
Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization		7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	March 19, 2021
Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization		7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	April 21, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation