🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Ram

Ram

Organization: Wordfence

All Time Ranking

149

All Time Discoveries

1 Achievement

Learn more about Achievements

Learn more Learn more about Achievements

Showing 121-140 of 149 Vulnerabilities

WordPress Landing Page – Squeeze Page – Responsive Landing Page Builder Free – WP Lead Plus X <= 0.98 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2020-11508

Apr 7, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

IMPress for IDX Broker <= 2.6.1 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2020-11512

Mar 26, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Modern Events Calendar Lite <= 5.1.6 - Missing Authorization to Stored Cross-Site Scripting and Settings Update

5.4

CVE-2020-9459

Feb 27, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Gutenberg Template Library & Redux Framework <= 4.2.11 - Missing Authorization to Sensitive Information Disclosure

5.3

CVE-2021-38314

Sep 1, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode

4.9

CVE-2023-0710

Jun 8, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Nested Pages <= 3.1.15 - Open Redirect

4.7

CVE-2021-38343

Aug 25, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Product Vendors <= 2.0.35 - Reflected Cross Site Scripting

4.7

CVE ID Unknown

Aug 22, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode

4.3

CVE-2023-0689

Aug 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check

4.3

CVE-2023-4242

Aug 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode

4.3

CVE-2023-0691

Jun 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode

4.3

CVE-2023-0692

Jun 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint

4.3

CVE-2023-1910

Jun 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update

4.3

CVE-2023-0583

Jun 2, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update

4.3

CVE-2023-0584

Jun 2, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Shield Security <= 17.0.17 - Missing Authorization

4.3

CVE-2023-0993

Apr 25, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload

4.3

CVE-2023-1169

Apr 18, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice

4.3

CVE-2023-0831

Feb 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot

4.3

CVE-2023-0832

Feb 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion

4.3

CVE-2022-4703

Jan 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification

4.3

CVE-2022-4708

Jan 10, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WordPress Landing Page – Squeeze Page – Responsive Landing Page Builder Free – WP Lead Plus X <= 0.98 - Authenticated Stored Cross-Site Scripting	CVE-2020-11508	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	April 7, 2020
IMPress for IDX Broker <= 2.6.1 - Authenticated Stored Cross-Site Scripting	CVE-2020-11512	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	March 26, 2020
Modern Events Calendar Lite <= 5.1.6 - Missing Authorization to Stored Cross-Site Scripting and Settings Update	CVE-2020-9459	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	February 27, 2020
Gutenberg Template Library & Redux Framework <= 4.2.11 - Missing Authorization to Sensitive Information Disclosure	CVE-2021-38314	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 1, 2021
Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode	CVE-2023-0710	4.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N	June 8, 2023
Nested Pages <= 3.1.15 - Open Redirect	CVE-2021-38343	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N	August 25, 2021
Product Vendors <= 2.0.35 - Reflected Cross Site Scripting		4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N	August 22, 2017
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode	CVE-2023-0689	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	August 30, 2023
FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check	CVE-2023-4242	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	August 8, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode	CVE-2023-0691	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	June 8, 2023
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode	CVE-2023-0692	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	June 8, 2023
Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint	CVE-2023-1910	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 6, 2023
VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update	CVE-2023-0583	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 2, 2023
VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update	CVE-2023-0584	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 2, 2023
Shield Security <= 17.0.17 - Missing Authorization	CVE-2023-0993	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 25, 2023
OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload	CVE-2023-1169	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 18, 2023
Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice	CVE-2023-0831	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 10, 2023
Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot	CVE-2023-0832	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 10, 2023
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion	CVE-2022-4703	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	January 10, 2023
Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification	CVE-2022-4708	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 10, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation