🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rio Darmawan

Rio Darmawan

Organization: Zerobyte

All Time Ranking

190

All Time Discoveries

Showing 1-20 of 190 Vulnerabilities

authLdap <= 2.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

3.3

CVE-2023-41655

Sep 1, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

breadcrumb simple <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

3.3

CVE-2023-35092

Jun 15, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

UTM Tracker <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

3.3

CVE-2023-23822

May 24, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting

3.8

CVE-2023-23971

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

AGP Font Awesome Collection <= 3.2.4 - Cross-Site Request Forgery

4.3

CVE-2023-45749

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Constant Contact Forms by MailMunch <= 2.0.10 - Cross-Site Request Forgery

4.3

CVE-2023-45647

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Power Stats <= 2.2.3 - Cross-Site Request Forgery

4.3

CVE-2023-45011

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Mediavine Control Panel <= 2.10.2 - Cross-Site Request Forgery via render_settings_page

4.3

CVE-2023-44259

Sep 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Mang Board WP <= 1.8.1 - Cross-Site Request Forgery

4.3

CVE-2023-44257

Sep 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Order Delivery Date for WP e-Commerce <= 1.2 - Cross-Site Request Forgery

4.3

CVE-2023-41858

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

wpCentral <= 1.5.7 - Cross-Site Request Forgery

4.3

CVE-2023-41854

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Outbound Link Manager <= 1.2 - Cross-Site Request Forgery

4.3

CVE-2023-41850

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Custom Post Template <= 1.0 - Cross-Site Request Forgery

4.3

CVE-2023-41851

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Multi-column Tag Map <= 17.0.26 - Cross-Site Request Forgery

4.3

CVE-2023-41651

Sep 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Better Elementor Addons <= 1.3.8 - Missing Authorization

4.3

CVE-2023-41656

Sep 1, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 - Cross-Site Request Forgery

4.3

CVE-2023-41650

Sep 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

authLdap <= 2.5.8 - Cross-Site Request Forgery

4.3

CVE-2023-41654

Sep 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Social Share Boost <= 4.5 - Cross-Site Request Forgery via 'syntatical_settings_content'

4.3

CVE-2023-25033

Aug 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

MakeStories (for Google Web Stories) <= 3.0.2 - Cross-Site Request Forgery via 'ms_set_options'

4.3

CVE-2023-27448

Aug 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1 - Cross-Site Request Forgery via submitDefaultEditor

4.3

CVE-2023-25480

Aug 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
authLdap <= 2.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41655	3.3	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N	September 1, 2023
breadcrumb simple <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-35092	3.3	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N	June 15, 2023
UTM Tracker <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23822	3.3	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N	May 24, 2023
WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting	CVE-2023-23971	3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N	January 20, 2023
AGP Font Awesome Collection <= 3.2.4 - Cross-Site Request Forgery	CVE-2023-45749	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
Constant Contact Forms by MailMunch <= 2.0.10 - Cross-Site Request Forgery	CVE-2023-45647	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
WP Power Stats <= 2.2.3 - Cross-Site Request Forgery	CVE-2023-45011	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 3, 2023
Mediavine Control Panel <= 2.10.2 - Cross-Site Request Forgery via render_settings_page	CVE-2023-44259	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 27, 2023
Mang Board WP <= 1.8.1 - Cross-Site Request Forgery	CVE-2023-44257	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 27, 2023
Order Delivery Date for WP e-Commerce <= 1.2 - Cross-Site Request Forgery	CVE-2023-41858	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 5, 2023
wpCentral <= 1.5.7 - Cross-Site Request Forgery	CVE-2023-41854	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 5, 2023
Outbound Link Manager <= 1.2 - Cross-Site Request Forgery	CVE-2023-41850	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 5, 2023
WP Custom Post Template <= 1.0 - Cross-Site Request Forgery	CVE-2023-41851	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 5, 2023
Multi-column Tag Map <= 17.0.26 - Cross-Site Request Forgery	CVE-2023-41651	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 1, 2023
Better Elementor Addons <= 1.3.8 - Missing Authorization	CVE-2023-41656	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	September 1, 2023
Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 - Cross-Site Request Forgery	CVE-2023-41650	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 1, 2023
authLdap <= 2.5.8 - Cross-Site Request Forgery	CVE-2023-41654	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 1, 2023
Social Share Boost <= 4.5 - Cross-Site Request Forgery via 'syntatical_settings_content'	CVE-2023-25033	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	August 28, 2023
MakeStories (for Google Web Stories) <= 3.0.2 - Cross-Site Request Forgery via 'ms_set_options'	CVE-2023-27448	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	August 28, 2023
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1 - Cross-Site Request Forgery via submitDefaultEditor	CVE-2023-25480	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	August 22, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation