🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Skalucy

Skalucy

All Time Ranking

All Time Discoveries

Showing 1-20 of 63 Vulnerabilities

Easy Captcha <= 1.0 - Missing Authorization via easy_captcha_update_settings

7.5

CVE-2023-33324

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EazyDocs <= 2.3.5 - Missing Authorization via doc_one_page and edit_doc_one_page

6.5

CVE-2023-47648

Nov 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

List all posts by Authors, nested Categories and Title <= 2.7.10 - Cross-Site Scripting

6.1

CVE-2023-49182

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AGP Font Awesome Collection <= 3.2.4 - Reflected Cross-Site Scripting

6.1

CVE-2023-30481

Jul 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Update Image Tag Alt Attribute <= 2.4.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-27455

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Watu Quiz <= 3.3.9.2 - Reflected Cross-Site Scripting via 'question'

6.1

CVE-2023-30483

Apr 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Custom Order Statuses for WooCommerce <= 1.5.2 - Cross-Site Request Forgery

5.4

CVE-2024-25930

Feb 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Alter <= 1.0 - Cross-Site Request Forgery

5.4

CVE-2023-46780

Oct 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Falang multilanguage <= 1.3.39 - Cross-Site Request Forgery via add_language

5.4

CVE-2023-37968

Jul 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

OOPSpam Anti-Spam <= 1.1.44 - Cross-Site Request Forgery via empty_ham_entries and empty_spam_entries

5.4

CVE-2023-35913

Jun 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Participants Database <= 2.4.9 - Cross-Site Request Forgery via _process_general

5.4

CVE-2023-31235

May 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Client Dash <= 2.2.1 - Missing Authorization

5.3

CVE-2024-33652

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Redirects <= 1.2.1 - Missing Authorization

5.3

CVE-2023-49845

Dec 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Consensu.io <= 1.0.2 - Missing Authorization via update_config_db()

5.3

CVE-2023-48280

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CopyRightPro <= 2.1 - Cross-Site Request Forgery

5.3

CVE-2023-44476

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Disabler <= 3.0.3 - Cross-Site Request Forgery

5.3

CVE-2023-37998

Jul 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WP-FlyBox <= 6.46 - Cross-Site Request Forgery

5.3

CVE-2023-38381

Jul 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Ovic Responsive WPBakery <= 1.3.0 - Missing Authorization

4.3

CVE-2024-32142

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Marker.io <= 1.1.8 - Cross-Site Request Forgery

4.3

CVE-2024-31427

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Loan Repayment Calculator and Application Form <= 2.9.4 - Cross-Site Request Forgery

4.3

CVE-2024-31263

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Easy Captcha <= 1.0 - Missing Authorization via easy_captcha_update_settings	CVE-2023-33324	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	May 22, 2023
EazyDocs <= 2.3.5 - Missing Authorization via doc_one_page and edit_doc_one_page	CVE-2023-47648	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	November 7, 2023
List all posts by Authors, nested Categories and Title <= 2.7.10 - Cross-Site Scripting	CVE-2023-49182	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 29, 2023
AGP Font Awesome Collection <= 3.2.4 - Reflected Cross-Site Scripting	CVE-2023-30481	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 26, 2023
Update Image Tag Alt Attribute <= 2.4.5 - Reflected Cross-Site Scripting	CVE-2023-27455	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 19, 2023
Watu Quiz <= 3.3.9.2 - Reflected Cross-Site Scripting via 'question'	CVE-2023-30483	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 13, 2023
Custom Order Statuses for WooCommerce <= 1.5.2 - Cross-Site Request Forgery	CVE-2024-25930	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 20, 2024
Alter <= 1.0 - Cross-Site Request Forgery	CVE-2023-46780	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	October 26, 2023
Falang multilanguage <= 1.3.39 - Cross-Site Request Forgery via add_language	CVE-2023-37968	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	July 12, 2023
OOPSpam Anti-Spam <= 1.1.44 - Cross-Site Request Forgery via empty_ham_entries and empty_spam_entries	CVE-2023-35913	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	June 21, 2023
Participants Database <= 2.4.9 - Cross-Site Request Forgery via _process_general	CVE-2023-31235	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	May 3, 2023
Client Dash <= 2.2.1 - Missing Authorization	CVE-2024-33652	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 25, 2024
Redirects <= 1.2.1 - Missing Authorization	CVE-2023-49845	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 6, 2023
Consensu.io <= 1.0.2 - Missing Authorization via update_config_db()	CVE-2023-48280	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 23, 2023
CopyRightPro <= 2.1 - Cross-Site Request Forgery	CVE-2023-44476	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 29, 2023
Disabler <= 3.0.3 - Cross-Site Request Forgery	CVE-2023-37998	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 20, 2023
WP-FlyBox <= 6.46 - Cross-Site Request Forgery	CVE-2023-38381	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 20, 2023
Ovic Responsive WPBakery <= 1.3.0 - Missing Authorization	CVE-2024-32142	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 16, 2024
Marker.io <= 1.1.8 - Cross-Site Request Forgery	CVE-2024-31427	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Loan Repayment Calculator and Application Form <= 2.9.4 - Cross-Site Request Forgery	CVE-2024-31263	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 5, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation