Veshraj Ghimire

All Time Ranking: 120
All Time Discoveries: 16

16 Vulnerabilities

| Title | CVE ID | CVSS | Vector | Date |
| --- | --- | --- | --- | --- |
| WP Private Message < 1.0.6 - Insecure Direct Object Reference | CVE-2023-0453 | 7.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N | January 30, 2023 |
| Superio - Job Board <= 1.2.32 - Authenticated (Subscriber+) Stored Cross-Site Scripting | CVE-2022-4114 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | December 9, 2022 |
| Responsive WordPress Slider <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting | CVE-2021-24544 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | September 21, 2021 |
| Discy - Social Questions and Answers WordPress Theme <= 4.9 - Missing Authorization | CVE-2022-1323 | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | July 12, 2022 |
| Ask Me <= 6.8.1 - Reflected Cross-Site Scripting | CVE-2022-1241 | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | May 16, 2022 |
| WPQA - Builder forms Addon For WordPress <= 5.3 - Reflected Cross-Site Scripting | CVE-2022-1597 | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | May 10, 2022 |
| Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting | CVE-2021-24563 | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | September 21, 2021 |
| Dokan <= 3.6.3 - Authenticated (Vendor+) Stored Cross-Site Scripting | CVE-2022-3194 | 5.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N | September 13, 2022 |
| Workreap <= 2.6.3 - Insecure Direct Object Reference | CVE-2022-4239 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | December 2, 2022 |
| Workreap < 2.6.3 - Insecure Direct Object Reference to Private Message Disclosure | CVE-2022-3846 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | November 12, 2022 |
| WPQA - Builder forms Addon For WordPress < 5.2 - Stored Cross-Site Scripting via Profile fields | CVE-2022-1051 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | April 21, 2022 |
| WP HTML Author Bio <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting | CVE-2021-24545 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | September 21, 2021 |
| Sensei LMS <= 4.4.3 - Information Disclosure | CVE-2022-2034 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | August 4, 2022 |
| WPQA - Builder forms Addon For WordPress <= 5.4 - Unauthenticated Private Message Disclosure | CVE-2022-1598 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | May 10, 2022 |
| WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Private Message Disclosure | CVE-2022-1425 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | April 21, 2022 |
| Sensei LMS <= 4.5.1 - Missing Authorization | CVE-2022-2080 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | August 4, 2022 |
