🎁Wordfence just launched its bug bounty program. From today through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!🎁

Wordfence Intelligence > Vulnerability Researchers > Taurus Omar

Taurus Omar

All Time Ranking

All Time Discoveries

20 Vulnerabilities

WP Brutal AI < 2.06 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-2606

Jul 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

6.1

CVE-2023-1893

Jun 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

PrePost SEO <= 3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-2029

Jun 19, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Brutal AI < 2.0.0 - Cross-Site Request Forgery to SQL Injection

8.8

CVE-2023-2601

Jun 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP Brutal AI < 2.0.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-2605

Jun 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SEO By 10Web <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-2224

May 10, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

4.4

CVE-2023-2223

May 2, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

SEO ALert <= 1.5.9 - Authenticated(Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-2225

Apr 26, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Tablesome <= 1.0.8 - Reflected Cross-Site Scripting

6.1

CVE-2023-1890

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Header Footer Code Manager <= 1.1.23 - Cross-Site Scripting

6.1

CVE-2022-0899

Jun 25, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce <= 6.5.1 - Authenticated (Admin+) HTML Injection

5.5

CVE-2022-2099

Jun 20, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Statistics <= 13.2.1 - Reflected Cross-Site Scripting

6.1

CVE-2022-1005

May 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Smush – Lazy Load Images, Optimize & Compress Images <= 3.9.8 - Cross-Site Scripting

4.4

CVE-2022-1009

May 3, 2022

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Anti-Malware Security and Brute-Force Firewall <= 4.20.95 - Reflected Cross-Site Scripting

6.1

CVE-2022-0953

Apr 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

LayerSlider <= 7.1.1 - Admin+ Stored Cross-Site Scripting

5.5

CVE-2022-1153

Apr 11, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

UpdraftPlus WordPress Backup Plugin < 1.22.9 Reflected Cross-Site Scripting

6.1

CVE-2022-0864

Apr 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ad Inserter Free and Pro <= 2.7.11 - Reflected Cross-Site Scripting

6.1

CVE-2022-0901

Apr 7, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Hummingbird <= 3.3.1 - Admin+ Stored Cross-Site Scripting

5.5

CVE-2022-0994

Mar 23, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Downgrade <= 1.2.2 - Admin+ Stored Cross-Site Scripting

4.8

CVE-2022-1001

Mar 22, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Loco Translate <= 2.6.0 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2022-0765

Mar 22, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP Brutal AI < 2.06 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-2606	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	July 19, 2023
Login Configurator <= 2.1 - Reflected Cross-Site Scripting	CVE-2023-1893	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 26, 2023
PrePost SEO <= 3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting	CVE-2023-2029	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	June 19, 2023
WP Brutal AI < 2.0.0 - Cross-Site Request Forgery to SQL Injection	CVE-2023-2601	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 5, 2023
WP Brutal AI < 2.0.1 - Reflected Cross-Site Scripting	CVE-2023-2605	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 5, 2023
SEO By 10Web <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-2224	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	May 10, 2023
Login rebuilder <= 2.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-2223	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	May 2, 2023
SEO ALert <= 1.5.9 - Authenticated(Administrator+) Stored Cross-Site Scripting	CVE-2023-2225	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 26, 2023
Tablesome <= 1.0.8 - Reflected Cross-Site Scripting	CVE-2023-1890	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 19, 2023
Header Footer Code Manager <= 1.1.23 - Cross-Site Scripting	CVE-2022-0899	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 25, 2022
WooCommerce <= 6.5.1 - Authenticated (Admin+) HTML Injection	CVE-2022-2099	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	June 20, 2022
WP Statistics <= 13.2.1 - Reflected Cross-Site Scripting	CVE-2022-1005	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 11, 2022
Smush – Lazy Load Images, Optimize & Compress Images <= 3.9.8 - Cross-Site Scripting	CVE-2022-1009	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	May 3, 2022
Anti-Malware Security and Brute-Force Firewall <= 4.20.95 - Reflected Cross-Site Scripting	CVE-2022-0953	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 11, 2022
LayerSlider <= 7.1.1 - Admin+ Stored Cross-Site Scripting	CVE-2022-1153	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 11, 2022
UpdraftPlus WordPress Backup Plugin < 1.22.9 Reflected Cross-Site Scripting	CVE-2022-0864	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 7, 2022
Ad Inserter Free and Pro <= 2.7.11 - Reflected Cross-Site Scripting	CVE-2022-0901	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 7, 2022
Hummingbird <= 3.3.1 - Admin+ Stored Cross-Site Scripting	CVE-2022-0994	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 23, 2022
WP Downgrade <= 1.2.2 - Admin+ Stored Cross-Site Scripting	CVE-2022-1001	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	March 22, 2022
Loco Translate <= 2.6.0 - Authenticated Stored Cross-Site Scripting	CVE-2022-0765	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 22, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation