Skalucy

45
All Time Ranking
55
All Time Discoveries

Showing 1-20 of 55 Vulnerabilities

Title CVE ID CVSS Vector Date
Easy Captcha <= 1.0 - Missing Authorization via easy_captcha_update_settings CVE-2023-33324 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N May 22, 2023
EazyDocs <= 2.3.5 - Missing Authorization via doc_one_page and edit_doc_one_page CVE-2023-47648 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L November 7, 2023
List all posts by Authors, nested Categories and Title <= 2.7.10 - Cross-Site Scripting CVE-2023-49182 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N November 29, 2023
AGP Font Awesome Collection <= 3.2.4 - Reflected Cross-Site Scripting CVE-2023-30481 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 26, 2023
Update Image Tag Alt Attribute <= 2.4.5 - Reflected Cross-Site Scripting CVE-2023-27455 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 19, 2023
Watu Quiz <= 3.3.9.2 - Reflected Cross-Site Scripting via 'question' CVE-2023-30483 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 13, 2023
Custom Order Statuses for WooCommerce <= 1.5.2 - Cross-Site Request Forgery CVE-2024-25930 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L February 20, 2024
Alter <= 1.0 - Cross-Site Request Forgery CVE-2023-46780 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N October 26, 2023
Falang multilanguage <= 1.3.39 - Cross-Site Request Forgery via add_language CVE-2023-37968 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L July 12, 2023
OOPSpam Anti-Spam <= 1.1.44 - Cross-Site Request Forgery via empty_ham_entries and empty_spam_entries CVE-2023-35913 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L June 21, 2023
Participants Database <= 2.4.9 - Cross-Site Request Forgery via _process_general CVE-2023-31235 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L May 3, 2023
Redirects <= 1.2.1 - Missing Authorization CVE-2023-49845 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N December 6, 2023
Consensu.io <= 1.0.2 - Missing Authorization via update_config_db() CVE-2023-48280 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N November 23, 2023
CopyRightPro <= 2.1 - Cross-Site Request Forgery CVE-2023-44476 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N September 29, 2023
WP-FlyBox <= 6.46 - Cross-Site Request Forgery CVE-2023-38381 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N July 20, 2023
Disabler <= 3.0.3 - Cross-Site Request Forgery CVE-2023-37998 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N July 20, 2023
WP Contact Form <= 1.6 - Cross-Site Request Forgery via wpcf_adminpage CVE-2024-24929 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 9, 2024
Post Video Players <= 1.159 - Cross-Site Request Forgery via cincopa_mp_mt_options_page CVE-2024-23515 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 30, 2024
FreshMail For WordPress <= 2.3.2 - Cross-Site Request Forgery CVE-2024-22304 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 17, 2024
Floating Button <= 6.0 - Cross-Site Request Forgery via process_bulk_action CVE-2023-52149 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N December 28, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation