🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Scott Kingsley Clark

Scott Kingsley Clark

171

All Time Ranking

All Time Discoveries

11 Vulnerabilities

Meta Box – WordPress Custom Fields Framework <= 5.9.3 - Authenticated (Contributor+) Information Exposure via Post Meta

4.3

CVE-2024-1204

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

WooCommerce <= 8.5.2 - Missing Authorization to Private/Draft Product Disclosure

4.3

CVE-2024-1310

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Schema Pro <= 2.7.15 - Authenticated (Contributor+) Custom Field Access

4.3

CVE-2024-1564

Mar 4, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Formidable Registration <= 2.11 - Authenticated (Contributor+) Arbitrary User Password Reset To Account Takeover

8.8

CVE-2024-1290

Feb 19, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) Information Disclosure via Shortcode

4.3

CVE-2024-1279

Feb 16, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) User Meta Disclosure

5.3

CVE ID Unknown

Feb 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Event Tickets and Registration <= 5.8.0 Events Tickets Plus <= 5.9.0 - Authenticated (Contributor+) Information Exposure

4.3

CVE-2024-1316

Feb 8, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Events Tickets Plus <= 5.9.0 - Missing Authorization to Information Exposure

5.4

CVE-2024-1319

Feb 8, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting

6.4

CVE ID Unknown

Jun 25, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Gravityforms <= 1.9.3.5 - SQL Injection

9.1

CVE-2015-2260

Mar 17, 2015

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Pods – Custom Content Types and Fields < 2.5.1.2 - SQL Injection

9.8

CVE ID Unknown

Mar 16, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Meta Box – WordPress Custom Fields Framework <= 5.9.3 - Authenticated (Contributor+) Information Exposure via Post Meta	CVE-2024-1204	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	March 25, 2024
WooCommerce <= 8.5.2 - Missing Authorization to Private/Draft Product Disclosure	CVE-2024-1310	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	March 25, 2024
Schema Pro <= 2.7.15 - Authenticated (Contributor+) Custom Field Access	CVE-2024-1564	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	March 4, 2024
Formidable Registration <= 2.11 - Authenticated (Contributor+) Arbitrary User Password Reset To Account Takeover	CVE-2024-1290	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 19, 2024
Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) Information Disclosure via Shortcode	CVE-2024-1279	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	February 16, 2024
Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) User Meta Disclosure		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 8, 2024
Event Tickets and Registration <= 5.8.0 Events Tickets Plus <= 5.9.0 - Authenticated (Contributor+) Information Exposure	CVE-2024-1316	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	February 8, 2024
Events Tickets Plus <= 5.9.0 - Missing Authorization to Information Exposure	CVE-2024-1319	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	February 8, 2024
Paid Memberships Pro – Restrict Member Access to Content, Courses, Communities – Free or Paid Subscriptions <= 2.5.9.1 - Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 25, 2021
Gravityforms <= 1.9.3.5 - SQL Injection	CVE-2015-2260	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	March 17, 2015
Pods – Custom Content Types and Fields < 2.5.1.2 - SQL Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 16, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation