🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rasi Afeef

Rasi Afeef

All Time Ranking

All Time Discoveries

Showing 1-20 of 29 Vulnerabilities

Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery

8.8

CVE-2022-43459

Oct 29, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Auto Upload Images <= 3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE ID Unknown

Oct 24, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Auto Upload Images <= 3.3 - Cross-Site Request Forgery

8.8

CVE-2022-42880

Oct 24, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

RD Station <= 5.1.3 - Cross-Site Request Forgery to Plugin Log Deletion

8.8

CVE-2022-38139

Oct 18, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

OSM - OpenStreetMap <= 6.0 - Cross-Site Request Forgery

8.8

CVE-2022-30544

Sep 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Media Library Folders <= 7.1.1 - Cross-Site Request Forgery

8.8

CVE-2022-41634

Sep 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

HREFLANG Tags Lite <= 2.0.0 - Missing Authorization to Data Reset

5.3

CVE-2022-36418

Sep 29, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Reset

5.3

CVE-2022-38057

Sep 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Change

6.5

CVE-2022-40218

Sep 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Oceanwp sticky header <= 1.0.8 - Cross-Site Request Forgery to Plugin Settings Update

8.8

CVE-2022-35730

Sep 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Kraken.io Image Optimizer <= 2.6.5 - Cross-Site Request Forgery

8.8

CVE-2022-38454

Sep 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

3D Tag Cloud <= 3.8 - Cross-Site Request Forgery

8.8

CVE-2022-36417

Sep 22, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

RD Station <= 5.2.0 - Cross-Site Request Forgery to Plugin Settings Update

8.8

CVE-2022-38139

Sep 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Mega Addons For WPBakery Page Builder <= 4.2.7 - Cross-Site Request Forgery to Settings Update

8.8

CVE-2022-36798

Sep 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CallRail Phone Call Tracking <= 0.4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2022-36796

Sep 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Captcha Code <= 2.7 - Cross-Site Request Forgery to Plugin Settings Update

8.8

CVE-2022-37411

Sep 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

GetResponse <= 5.5.19 - Cross-Site Request Forgery

8.8

CVE-2022-35277

Sep 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

MP3 jPlayer <= 2.7.3 - Cross-Site Request Forgery

8.8

CVE-2022-36373

Sep 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update

8.8

CVE-2022-37405

Aug 25, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update

8.8

CVE-2022-37405

Aug 25, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery	CVE-2022-43459	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 29, 2022
Auto Upload Images <= 3.3 - Authenticated (Admin+) Stored Cross-Site Scripting		5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 24, 2022
Auto Upload Images <= 3.3 - Cross-Site Request Forgery	CVE-2022-42880	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 24, 2022
RD Station <= 5.1.3 - Cross-Site Request Forgery to Plugin Log Deletion	CVE-2022-38139	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 18, 2022
OSM - OpenStreetMap <= 6.0 - Cross-Site Request Forgery	CVE-2022-30544	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 30, 2022
Media Library Folders <= 7.1.1 - Cross-Site Request Forgery	CVE-2022-41634	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 30, 2022
HREFLANG Tags Lite <= 2.0.0 - Missing Authorization to Data Reset	CVE-2022-36418	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 29, 2022
TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Reset	CVE-2022-38057	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 27, 2022
TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Change	CVE-2022-40218	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	September 27, 2022
Oceanwp sticky header <= 1.0.8 - Cross-Site Request Forgery to Plugin Settings Update	CVE-2022-35730	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 27, 2022
Kraken.io Image Optimizer <= 2.6.5 - Cross-Site Request Forgery	CVE-2022-38454	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 23, 2022
3D Tag Cloud <= 3.8 - Cross-Site Request Forgery	CVE-2022-36417	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 22, 2022
RD Station <= 5.2.0 - Cross-Site Request Forgery to Plugin Settings Update	CVE-2022-38139	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 11, 2022
Mega Addons For WPBakery Page Builder <= 4.2.7 - Cross-Site Request Forgery to Settings Update	CVE-2022-36798	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 2, 2022
CallRail Phone Call Tracking <= 0.4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2022-36796	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 1, 2022
Captcha Code <= 2.7 - Cross-Site Request Forgery to Plugin Settings Update	CVE-2022-37411	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 1, 2022
GetResponse <= 5.5.19 - Cross-Site Request Forgery	CVE-2022-35277	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 1, 2022
MP3 jPlayer <= 2.7.3 - Cross-Site Request Forgery	CVE-2022-36373	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 1, 2022
Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update	CVE-2022-37405	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 25, 2022
Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update	CVE-2022-37405	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 25, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation