🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rio Darmawan

Rio Darmawan

Organization: Zerobyte

All Time Ranking

190

All Time Discoveries

Showing 161-180 of 190 Vulnerabilities

Outbound Link Manager <= 1.2 - Cross-Site Request Forgery

4.3

CVE-2023-41850

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

wpCentral <= 1.5.7 - Cross-Site Request Forgery

4.3

CVE-2023-41854

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Order Delivery Date for WP e-Commerce <= 1.2 - Cross-Site Request Forgery

4.3

CVE-2023-41858

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Order Delivery Date for WP e-Commerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-41859

Sep 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Schema App Structured Data <= 1.22.3 - Missing Authorization via page_init

5.3

CVE-2023-44258

Sep 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Mang Board WP <= 1.8.1 - Cross-Site Request Forgery

4.3

CVE-2023-44257

Sep 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Mediavine Control Panel <= 2.10.2 - Cross-Site Request Forgery via render_settings_page

4.3

CVE-2023-44259

Sep 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The Awesome Feed – Custom Feed <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-44264

Sep 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Blocks <= 1.6.42 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-44262

Sep 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-44265

Sep 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Adminify <= 3.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-44266

Sep 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Social Metrics <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-44263

Oct 2, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery

5.4

CVE-2023-44997

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

WP Power Stats <= 2.2.3 - Cross-Site Request Forgery

4.3

CVE-2023-45011

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Post View Count <= 2.0 - Cross-Site Request Forgery

5.4

CVE-2023-44996

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Complete Open Graph <= 3.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-45010

Oct 3, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Hitsteps Web Analytics <= 5.86 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-45057

Oct 3, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Open User Map | Everybody can add locations <= 1.3.26 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-45056

Oct 3, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

AGP Font Awesome Collection <= 3.2.4 - Cross-Site Request Forgery

4.3

CVE-2023-45749

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Constant Contact Forms by MailMunch <= 2.0.10 - Cross-Site Request Forgery

4.3

CVE-2023-45647

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Outbound Link Manager <= 1.2 - Cross-Site Request Forgery	CVE-2023-41850	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 5, 2023
wpCentral <= 1.5.7 - Cross-Site Request Forgery	CVE-2023-41854	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 5, 2023
Order Delivery Date for WP e-Commerce <= 1.2 - Cross-Site Request Forgery	CVE-2023-41858	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 5, 2023
Order Delivery Date for WP e-Commerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-41859	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Schema App Structured Data <= 1.22.3 - Missing Authorization via page_init	CVE-2023-44258	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 27, 2023
Mang Board WP <= 1.8.1 - Cross-Site Request Forgery	CVE-2023-44257	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 27, 2023
Mediavine Control Panel <= 2.10.2 - Cross-Site Request Forgery via render_settings_page	CVE-2023-44259	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 27, 2023
The Awesome Feed – Custom Feed <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-44264	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 28, 2023
Blocks <= 1.6.42 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-44262	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 28, 2023
Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-44265	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 28, 2023
WP Adminify <= 3.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-44266	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	September 28, 2023
Social Metrics <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-44263	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	October 2, 2023
WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery	CVE-2023-44997	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	October 3, 2023
WP Power Stats <= 2.2.3 - Cross-Site Request Forgery	CVE-2023-45011	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 3, 2023
Post View Count <= 2.0 - Cross-Site Request Forgery	CVE-2023-44996	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	October 3, 2023
Complete Open Graph <= 3.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-45010	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	October 3, 2023
Hitsteps Web Analytics <= 5.86 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-45057	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	October 3, 2023
Open User Map \| Everybody can add locations <= 1.3.26 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-45056	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	October 3, 2023
AGP Font Awesome Collection <= 3.2.4 - Cross-Site Request Forgery	CVE-2023-45749	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
Constant Contact Forms by MailMunch <= 2.0.10 - Cross-Site Request Forgery	CVE-2023-45647	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation