🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rio Darmawan

Rio Darmawan

Organization: Zerobyte

All Time Ranking

190

All Time Discoveries

Showing 181-190 of 190 Vulnerabilities

For the visually impaired <= 0.58 - Cross-Site Request Forgery to Plugin Settings Changes

4.3

CVE-2023-25038

Feb 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Auto Affiliate Links <= 6.3.0.2 - Cross-Site Request Forgery via aalChangeOptions function

4.3

CVE-2023-25973

Feb 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Get URL Cron <= 1.4.7 - Cross-Site Request Forgery via geturlcron_action_handle

4.3

CVE ID Unknown

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Schema - All In One Schema Rich Snippets <= 1.6.5 - Cross-Site Request Forgery in rich_snippet_dashboard

4.3

CVE-2023-25058

Feb 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Bubble Menu – circle floating menu <= 3.0.1 - Cross Site Request Forgery

4.3

CVE-2023-23984

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3

CVE-2023-23973

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting

3.8

CVE-2023-23971

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

authLdap <= 2.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

3.3

CVE-2023-41655

Sep 1, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

breadcrumb simple <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

3.3

CVE-2023-35092

Jun 15, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

UTM Tracker <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

3.3

CVE-2023-23822

May 24, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
For the visually impaired <= 0.58 - Cross-Site Request Forgery to Plugin Settings Changes	CVE-2023-25038	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 23, 2023
Auto Affiliate Links <= 6.3.0.2 - Cross-Site Request Forgery via aalChangeOptions function	CVE-2023-25973	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 22, 2023
Get URL Cron <= 1.4.7 - Cross-Site Request Forgery via geturlcron_action_handle		4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 15, 2023
Schema - All In One Schema Rich Snippets <= 1.6.5 - Cross-Site Request Forgery in rich_snippet_dashboard	CVE-2023-25058	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 13, 2023
Bubble Menu – circle floating menu <= 3.0.1 - Cross Site Request Forgery	CVE-2023-23984	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 20, 2023
Contact Us Page – Contact People <= 3.7.0 - Cross Site Request Forgery	CVE-2023-23973	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 20, 2023
WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting	CVE-2023-23971	3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N	January 20, 2023
authLdap <= 2.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41655	3.3	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N	September 1, 2023
breadcrumb simple <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-35092	3.3	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N	June 15, 2023
UTM Tracker <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23822	3.3	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N	May 24, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation