🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Ram

Ram

Organization: Wordfence

All Time Ranking

149

All Time Discoveries

1 Achievement

Learn more about Achievements

Learn more Learn more about Achievements

Showing 121-140 of 149 Vulnerabilities

HashThemes Demo Importer <= 1.1.1 - Missing Authorization to Database Wipe

8.1

CVE-2021-39333

Oct 26, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Nested Pages <= 3.1.15 - Cross-Site Request Forgery to Arbitrary Post Deletion and Modification

8.1

CVE-2021-38342

Aug 25, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

LearnPress <= 3.2.6.8 - Privilege Escalation via accept-to-be-teacher action parameter

8.1

CVE-2020-11511

Apr 20, 2020

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

IMPress for IDX Broker <= 2.6.1 - Authenticated Arbitrary Post Creation, Modification, and Deletion

8.1

CVE-2020-9514

Mar 26, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection

8.3

CVE-2023-0721

Jun 8, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

TC Custom JavaScript <= 1.2.1 - Unauthenticated Stored Cross-Site Scripting

8.3

CVE-2020-14063

Jul 21, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

WP Lead Plus X <= 0.99 - Cross-Site Request Forgery

8.3

CVE ID Unknown

Apr 7, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

Popup Builder <= 3.63 - Unauthenticated Stored Cross-Site Scripting

8.3

CVE-2020-10196

Mar 12, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Getwid – Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery

8.5

CVE-2023-1895

Jun 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Booking Calendar <= 9.1 - PHP Object Injection via Shortcode

8.5

CVE-2022-1463

Apr 18, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass

8.6

CVE-2022-3805

Nov 4, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Improper Authorization to Arbitrary Plugin Installation

8.8

CVE-2023-4243

Aug 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Cyr to Lat <= 3.5 - Authenticated SQL Injection

8.8

CVE-2022-4290

Apr 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Fancy Product Designer <= 4.6.9 - Insufficient Authorization to Arbitrary Options Update via fpd_update_options

8.8

CVE-2021-4334

Apr 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution

8.8

CVE-2022-1329

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Brizy Page Builder <= 2.3.11 - Authenticated File Upload and Path Traversal

8.8

CVE-2021-38346

Oct 13, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Fluent Forms < 3.6.67 - Stored Cross-Site Scripting

8.8

CVE-2021-34620

Jun 16, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery

8.8

CVE-2020-35942

Dec 17, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVE-2020-35943

Dec 17, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Fancy Product Designer <= 4.6.8 - Unauthenticated Arbitrary File Upload

9.8

CVE-2021-24370

Jun 1, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
HashThemes Demo Importer <= 1.1.1 - Missing Authorization to Database Wipe	CVE-2021-39333	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	October 26, 2021
Nested Pages <= 3.1.15 - Cross-Site Request Forgery to Arbitrary Post Deletion and Modification	CVE-2021-38342	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H	August 25, 2021
LearnPress <= 3.2.6.8 - Privilege Escalation via accept-to-be-teacher action parameter	CVE-2020-11511	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	April 20, 2020
IMPress for IDX Broker <= 2.6.1 - Authenticated Arbitrary Post Creation, Modification, and Deletion	CVE-2020-9514	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	March 26, 2020
Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection	CVE-2023-0721	8.3	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H	June 8, 2023
TC Custom JavaScript <= 1.2.1 - Unauthenticated Stored Cross-Site Scripting	CVE-2020-14063	8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	July 21, 2020
WP Lead Plus X <= 0.99 - Cross-Site Request Forgery		8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H	April 7, 2020
Popup Builder <= 3.63 - Unauthenticated Stored Cross-Site Scripting	CVE-2020-10196	8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	March 12, 2020
Getwid – Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery	CVE-2023-1895	8.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N	June 6, 2023
Booking Calendar <= 9.1 - PHP Object Injection via Shortcode	CVE-2022-1463	8.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H	April 18, 2022
Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass	CVE-2022-3805	8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L	November 4, 2022
FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Improper Authorization to Arbitrary Plugin Installation	CVE-2023-4243	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 8, 2023
Cyr to Lat <= 3.5 - Authenticated SQL Injection	CVE-2022-4290	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 13, 2023
Fancy Product Designer <= 4.6.9 - Insufficient Authorization to Arbitrary Options Update via fpd_update_options	CVE-2021-4334	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 5, 2023
Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution	CVE-2022-1329	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 13, 2022
Brizy Page Builder <= 2.3.11 - Authenticated File Upload and Path Traversal	CVE-2021-38346	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 13, 2021
WP Fluent Forms < 3.6.67 - Stored Cross-Site Scripting	CVE-2021-34620	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 16, 2021
WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery	CVE-2020-35942	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 17, 2020
WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery to Arbitrary File Upload	CVE-2020-35943	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 17, 2020
Fancy Product Designer <= 4.6.8 - Unauthenticated Arbitrary File Upload	CVE-2021-24370	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 1, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation