Ram

Organization: Wordfence

14
All Time Ranking
149
All Time Discoveries
Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 8, 2023

Showing 1-20 of 149 Vulnerabilities

Title CVE ID CVSS Vector Date
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation CVE-2022-1654 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H May 18, 2022
PHP Everywhere <= 2.0.3 - Remote Code Execution by Subscriber+ users via shortcode CVE-2022-24663 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H January 4, 2022
PHP Everywhere <= 2.0.3 - Remote Code Execution by Contributor+ users via gutenberg block CVE-2022-24665 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H January 4, 2022
PHP Everywhere <= 2.0.3 - Authenticated (Contributor+) Remote Code Execution via Metabox CVE-2022-24664 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H January 4, 2022
RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Privilege Escalation CVE-2020-9456 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H March 5, 2020
RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Settings Import to Privilege Escalation CVE-2020-9457 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H March 5, 2020
Fancy Product Designer <= 4.6.8 - Unauthenticated Arbitrary File Upload CVE-2021-24370 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H June 1, 2021
WooCommerce Upload Files <= 59.3 - Arbitrary File Upload CVE-2021-24171 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 4, 2021
Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint CVE-2020-11514 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 25, 2020
Total Donations <= 2.0.5 - Missing Authorization to Arbitrary Options Update CVE-2019-6703 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 25, 2019
FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Improper Authorization to Arbitrary Plugin Installation CVE-2023-4243 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 8, 2023
Cyr to Lat <= 3.5 - Authenticated SQL Injection CVE-2022-4290 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 13, 2023
Fancy Product Designer <= 4.6.9 - Insufficient Authorization to Arbitrary Options Update via fpd_update_options CVE-2021-4334 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 5, 2023
Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution CVE-2022-1329 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 13, 2022
Brizy Page Builder <= 2.3.11 - Authenticated File Upload and Path Traversal CVE-2021-38346 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 13, 2021
WP Fluent Forms < 3.6.67 - Stored Cross-Site Scripting CVE-2021-34620 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H June 16, 2021
WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery CVE-2020-35942 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H December 17, 2020
WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery to Arbitrary File Upload CVE-2020-35943 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H December 17, 2020
Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass CVE-2022-3805 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L November 4, 2022
Getwid – Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery CVE-2023-1895 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N June 6, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation