🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Ram

Ram

Organization: Wordfence

All Time Ranking

149

All Time Discoveries

1 Achievement

Learn more about Achievements

Learn more Learn more about Achievements

Showing 41-60 of 149 Vulnerabilities

Team Showcase <= 1.22.15 - Stored Cross-Site Scripting

7.5

CVE-2020-35937

Sep 17, 2020

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Team Showcase <= 1.22.15 - Object Injection

7.5

CVE-2020-35939

Sep 17, 2020

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Team Showcase <= 1.22.15 - Object Injection

7.5

CVE-2020-35938

Sep 17, 2020

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Team Showcase <= 1.22.15 - Stored Cross-Site Scripting

7.5

CVE-2020-35936

Sep 17, 2020

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Advanced Access Manager <= 6.6.1 - Authenticated Authorization Bypass and Privilege Escalation

7.5

CVE-2020-35935

Aug 14, 2020

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Newsletter <= 6.8.1 - Authenticated PHP Object Injection

7.5

CVE-2020-35932

Aug 2, 2020

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Page Builder <= 1.2.3 - Multiple Stored Cross-Site scripting

7.4

CVE-2021-24208

Apr 8, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Widget Settings Importer/Exporter Plugin <= 1.5.3 - Unauthorized Widget Import to Stored Cross-Site Scripting

7.4

CVE-2020-36769

Apr 15, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint

7.4

CVE-2020-11515

Mar 25, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

7.3

CVE ID Unknown

Mar 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization

7.3

CVE ID Unknown

Apr 21, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-0992

Apr 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-4712

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP Lead Plus X <= 0.98 - Stored Cross-Site Scripting

7.2

CVE-2020-11509

Apr 7, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Gutenberg Template Library & Redux Framework <= 4.2.1 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion

7.1

CVE-2021-38312

Sep 1, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting

7.1

CVE ID Unknown

Jul 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Brizy Page Builder <= 2.3.11 - Incorrect Authorization Checks Allowing Post Modification

7.1

CVE-2021-38345

Oct 13, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification

7.1

CVE-2020-11510

Apr 19, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode

6.5

CVE-2023-0688

Jun 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode

6.5

CVE-2023-0693

Jun 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Team Showcase <= 1.22.15 - Stored Cross-Site Scripting	CVE-2020-35937	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	September 17, 2020
Team Showcase <= 1.22.15 - Object Injection	CVE-2020-35939	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	September 17, 2020
Team Showcase <= 1.22.15 - Object Injection	CVE-2020-35938	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	September 17, 2020
Team Showcase <= 1.22.15 - Stored Cross-Site Scripting	CVE-2020-35936	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	September 17, 2020
Advanced Access Manager <= 6.6.1 - Authenticated Authorization Bypass and Privilege Escalation	CVE-2020-35935	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	August 14, 2020
Newsletter <= 6.8.1 - Authenticated PHP Object Injection	CVE-2020-35932	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	August 2, 2020
WP Page Builder <= 1.2.3 - Multiple Stored Cross-Site scripting	CVE-2021-24208	7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	April 8, 2021
Widget Settings Importer/Exporter Plugin <= 1.5.3 - Unauthorized Widget Import to Stored Cross-Site Scripting	CVE-2020-36769	7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	April 15, 2020
Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint	CVE-2020-11515	7.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H	March 25, 2020
Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization		7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	March 19, 2021
Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization		7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	April 21, 2020
Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-0992	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 25, 2023
WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-4712	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 19, 2023
WP Lead Plus X <= 0.98 - Stored Cross-Site Scripting	CVE-2020-11509	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 7, 2020
Gutenberg Template Library & Redux Framework <= 4.2.1 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion	CVE-2021-38312	7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L	September 1, 2021
Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	July 21, 2021
Brizy Page Builder <= 2.3.11 - Incorrect Authorization Checks Allowing Post Modification	CVE-2021-38345	7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L	October 13, 2020
LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification	CVE-2020-11510	7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H	April 19, 2020
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode	CVE-2023-0688	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode	CVE-2023-0693	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	June 8, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation