🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rio Darmawan

Rio Darmawan

Organization: Zerobyte

All Time Ranking

190

All Time Discoveries

Showing 1-20 of 190 Vulnerabilities

WP-CommentNavi <= 1.12.1 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2023-22715

Jan 17, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

OOPSpam Anti-Spam <= 1.1.35 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2023-22716

Jan 17, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Interactive Polish Map <= 1.2 - Authenticated (Admi+) Stored Cross-Site Scripting

6.6

CVE-2023-23821

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

ProfilePress <= 4.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-23996

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting

3.8

CVE-2023-23971

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Bubble Menu – circle floating menu <= 3.0.1 - Cross Site Request Forgery

4.3

CVE-2023-23984

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-23982

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting

5.5

CVE-2023-23987

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Conversational Forms for ChatBot <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-23981

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

4.3

CVE-2023-23973

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-23870

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Smart Preloader <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-23675

Jan 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Terms Popup <= 2.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-24006

Jan 23, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Modal Dialog <= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-24001

Jan 23, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting

7.2

CVE-2023-24403

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

TinyMCE Custom Styles <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-23995

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Advanced Social Pixel <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-24381

Jan 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP htpasswd <= 1.7 - Authenticated (Admin+) Stored Cross Site Scripting

4.4

CVE-2023-25064

Feb 2, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

avalex – Automatisch sichere Rechtstexte <= 3.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-25059

Feb 2, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Announce from the Dashboard <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-25716

Feb 13, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP-CommentNavi <= 1.12.1 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-22715	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 17, 2023
OOPSpam Anti-Spam <= 1.1.35 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-22716	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 17, 2023
Interactive Polish Map <= 1.2 - Authenticated (Admi+) Stored Cross-Site Scripting	CVE-2023-23821	6.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L	January 19, 2023
ProfilePress <= 4.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23996	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 20, 2023
WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting	CVE-2023-23971	3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N	January 20, 2023
Bubble Menu – circle floating menu <= 3.0.1 - Cross Site Request Forgery	CVE-2023-23984	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 20, 2023
WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23982	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 20, 2023
User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting	CVE-2023-23987	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 20, 2023
Conversational Forms for ChatBot <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23981	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 20, 2023
Contact Us Page – Contact People <= 3.7.0 - Cross Site Request Forgery	CVE-2023-23973	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 20, 2023
Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23870	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 20, 2023
WP Smart Preloader <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23675	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 20, 2023
WP Terms Popup <= 2.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-24006	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 23, 2023
Modal Dialog <= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-24001	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 23, 2023
bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-24403	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 27, 2023
TinyMCE Custom Styles <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23995	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 27, 2023
Advanced Social Pixel <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-24381	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 27, 2023
WP htpasswd <= 1.7 - Authenticated (Admin+) Stored Cross Site Scripting	CVE-2023-25064	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 2, 2023
avalex – Automatisch sichere Rechtstexte <= 3.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-25059	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 2, 2023
Announce from the Dashboard <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-25716	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 13, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation