🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Sean Murphy

Sean Murphy

152

All Time Ranking

All Time Discoveries

2 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

13 Vulnerabilities

Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection

8.1

CVE-2024-0866

Mar 25, 2024

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Hustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API Keys

8.6

CVE-2024-0368

Mar 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AMP for WP <= 1.0.93.1 - Authenticated(Contributor+) Arbitrary Post Deletion via amppb_remove_saved_layout_data

6.5

CVE-2024-1043

Feb 6, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update

4.3

CVE-2024-0835

Feb 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update

8.8

CVE-2024-0869

Jan 29, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

ColorMag <= 3.1.2 - Missing Authorization to Arbitrary Plugin Installation

6.5

CVE-2024-0679

Jan 19, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device

7.2

CVE-2023-7027

Jan 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database Wiping

9.1

CVE ID Unknown

Mar 6, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Modern Events Calendar Lite <= 5.1.6 - Missing Authorization to Stored Cross-Site Scripting and Settings Update

5.4

CVE-2020-9459

Feb 27, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution

8.8

CVE-2019-15324

Jul 15, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Maintenance Mode <= 2.0.6 - Remote Code Execution

9.1

CVE-2018-20156

Dec 14, 2018

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

WP Maintenance Mode <= 2.0.6 - Missing Authorization

5.4

CVE-2018-20155

Jul 6, 2016

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

EWWW Image Optimizer <= 2.8.4 - Remote Code Execution

9.6

CVE-2016-20010

Jun 8, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection	CVE-2024-0866	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	March 25, 2024
Hustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API Keys	CVE-2024-0368	8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	March 12, 2024
AMP for WP <= 1.0.93.1 - Authenticated(Contributor+) Arbitrary Post Deletion via amppb_remove_saved_layout_data	CVE-2024-1043	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	February 6, 2024
Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update	CVE-2024-0835	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	February 5, 2024
Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update	CVE-2024-0869	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	January 29, 2024
ColorMag <= 3.1.2 - Missing Authorization to Arbitrary Plugin Installation	CVE-2024-0679	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	January 19, 2024
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device	CVE-2023-7027	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 2, 2024
Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database Wiping		9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	March 6, 2020
Modern Events Calendar Lite <= 5.1.6 - Missing Authorization to Stored Cross-Site Scripting and Settings Update	CVE-2020-9459	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	February 27, 2020
Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution	CVE-2019-15324	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 15, 2019
WP Maintenance Mode <= 2.0.6 - Remote Code Execution	CVE-2018-20156	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	December 14, 2018
WP Maintenance Mode <= 2.0.6 - Missing Authorization	CVE-2018-20155	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	July 6, 2016
EWWW Image Optimizer <= 2.8.4 - Remote Code Execution	CVE-2016-20010	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	June 8, 2016

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation