Wordfence Intelligence   >   Vulnerability Researchers   >   Veshraj Ghimire

Veshraj Ghimire

127
All Time Ranking
16
All Time Discoveries

16 Vulnerabilities

WP Private Message < 1.0.6 - Insecure Direct Object Reference
7.1
CVE-2023-0453
Jan 30, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Superio - Job Board <= 1.2.32 - Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
CVE-2022-4114
Dec 9, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Workreap <= 2.6.3 - Insecure Direct Object Reference
5.4
CVE-2022-4239
Dec 2, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Workreap < 2.6.3 - Insecure Direct Objection Reference to Private Message Disclosure
5.4
CVE-2022-3846
Nov 12, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Dokan <= 3.6.3 - Authenticated (Vendor+) Stored Cross-Site Scripting
5.5
CVE-2022-3194
Sep 13, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Sensei LMS <= 4.4.3 - Information Disclosure
5.3
CVE-2022-2034
Aug 4, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Sensei LMS <= 4.5.1 - Missing Authorization
4.3
CVE-2022-2080
Aug 4, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Discy - Social Questions and Answers WordPress Theme <= 4.9 - Missing Authorization
6.3
CVE-2022-1323
Jul 12, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Ask Me <= 6.8.1 - Reflected Cross-Site Scripting
6.1
CVE-2022-1241
May 16, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WPQA - Builder forms Addon For WordPress <= 5.4 - Unauthenticated Private Message Disclosure
5.3
CVE-2022-1598
May 10, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
WPQA - Builder forms Addon For WordPress <= 5.3 - Reflected Cross-Site Scripting
6.1
CVE-2022-1597
May 10, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WPQA - Builder forms Addon For WordPress < 5.2 - Stored Cross-Site Scripting via Profile fields
5.4
CVE-2022-1051
Apr 21, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Private Message Disclosure
5.3
CVE-2022-1425
Apr 21, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
WP HTML Author Bio <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting
5.4
CVE-2021-24545
Sep 21, 2021
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting
6.1
CVE-2021-24563
Sep 21, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Responsive WordPress Slider <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
CVE-2021-24544
Sep 21, 2021
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
WP Private Message < 1.0.6 - Insecure Direct Object Reference CVE-2023-0453 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N January 30, 2023
Superio - Job Board <= 1.2.32 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2022-4114 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 9, 2022
Workreap <= 2.6.3 - Insecure Direct Object Reference CVE-2022-4239 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L December 2, 2022
Workreap < 2.6.3 - Insecure Direct Objection Reference to Private Message Disclosure CVE-2022-3846 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N November 12, 2022
Dokan <= 3.6.3 - Authenticated (Vendor+) Stored Cross-Site Scripting CVE-2022-3194 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N September 13, 2022
Sensei LMS <= 4.4.3 - Information Disclosure CVE-2022-2034 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N August 4, 2022
Sensei LMS <= 4.5.1 - Missing Authorization CVE-2022-2080 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N August 4, 2022
Discy - Social Questions and Answers WordPress Theme <= 4.9 - Missing Authorization CVE-2022-1323 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L July 12, 2022
Ask Me <= 6.8.1 - Reflected Cross-Site Scripting CVE-2022-1241 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 16, 2022
WPQA - Builder forms Addon For WordPress <= 5.4 - Unauthenticated Private Message Disclosure CVE-2022-1598 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N May 10, 2022
WPQA - Builder forms Addon For WordPress <= 5.3 - Reflected Cross-Site Scripting CVE-2022-1597 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 10, 2022
WPQA - Builder forms Addon For WordPress < 5.2 - Stored Cross-Site Scripting via Profile fields CVE-2022-1051 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N April 21, 2022
WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Private Message Disclosure CVE-2022-1425 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N April 21, 2022
WP HTML Author Bio <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2021-24545 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N September 21, 2021
Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting CVE-2021-24563 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 21, 2021
Responsive WordPress Slider <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2021-24544 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 21, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation