🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > WPScanTeam

WPScanTeam

All Time Ranking

287

All Time Discoveries

Showing 261-280 of 287 Vulnerabilities

Bulk Delete Users by Email <= 1.2 - Reflected Cross-Site Scripting

6.1

CVE-2022-4267

Dec 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Bulk Delete Users by Email <= 1.2 - Cross-Site Request Forgery

8.8

CVE-2022-4266

Dec 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read

6.5

CVE-2022-4236

Dec 5, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization

6.5

CVE-2022-4237

Dec 5, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting

6.1

CVE-2022-4227

Dec 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Wholesale Market for WooCommerce < 2.0.0 - Authenticated (Administrator+) Arbitrary Log File Download

4.1

CVE-2022-4109

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Jetpack CRM <= 5.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-4497

Dec 19, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Mautic Integration for WooCommerce < 1.0.3 - Cross-Site Request Forgery leading to Arbitrary Options Update

4.3

CVE-2022-4426

Dec 20, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Subscribe2 <= 10.37 - Cross-Site Request Forgery

7.1

CVE-2022-4309

Dec 22, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

WP Spell Check <= 9.12 - Cross-Site Request Forgery

5.4

CVE ID Unknown

Dec 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery

5.4

CVE-2022-4017

Jan 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Plugin Settings Reset

4.3

CVE-2022-4553

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WooCommerce Chained Products < 2.12.0 - Missing Authorization to Arbitrary Options Update

9.1

CVE-2022-4872

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting

4.7

CVE-2022-4552

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Simple URLs <= 114 - Reflected Cross-Site Scripting

6.1

CVE-2023-0099

Jan 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

TemplatesNext ToolKit <= 3.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-0333

Jan 18, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WooLentor <= 2.5.3 - PHP Object Injection

9.8

CVE-2023-0232

Jan 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

BackupBuddy <= 8.8.2 - Reflected Cross-Site Scripting

6.1

CVE-2022-4897

Jan 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Coupon Zen <= 1.0.5 - Cross-Site Request Forgery to Plugin Activation

4.3

CVE-2023-1089

Feb 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WC Sales Notification <= 1.2.2 - Cross-Site Request Forgery to Arbitrary Plugin Activation

4.3

CVE-2023-1087

Feb 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Bulk Delete Users by Email <= 1.2 - Reflected Cross-Site Scripting	CVE-2022-4267	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2022
Bulk Delete Users by Email <= 1.2 - Cross-Site Request Forgery	CVE-2022-4266	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 2, 2022
Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read	CVE-2022-4236	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	December 5, 2022
Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization	CVE-2022-4237	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	December 5, 2022
Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting	CVE-2022-4227	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 5, 2022
Wholesale Market for WooCommerce < 2.0.0 - Authenticated (Administrator+) Arbitrary Log File Download	CVE-2022-4109	4.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N	December 12, 2022
Jetpack CRM <= 5.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4497	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 19, 2022
Mautic Integration for WooCommerce < 1.0.3 - Cross-Site Request Forgery leading to Arbitrary Options Update	CVE-2022-4426	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 20, 2022
Subscribe2 <= 10.37 - Cross-Site Request Forgery	CVE-2022-4309	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L	December 22, 2022
WP Spell Check <= 9.12 - Cross-Site Request Forgery		5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	December 23, 2022
Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery	CVE-2022-4017	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	January 2, 2023
FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Plugin Settings Reset	CVE-2022-4553	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 4, 2023
WooCommerce Chained Products < 2.12.0 - Missing Authorization to Arbitrary Options Update	CVE-2022-4872	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	January 4, 2023
FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting	CVE-2022-4552	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N	January 4, 2023
Simple URLs <= 114 - Reflected Cross-Site Scripting	CVE-2023-0099	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 17, 2023
TemplatesNext ToolKit <= 3.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0333	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 18, 2023
WooLentor <= 2.5.3 - PHP Object Injection	CVE-2023-0232	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 28, 2023
BackupBuddy <= 8.8.2 - Reflected Cross-Site Scripting	CVE-2022-4897	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 30, 2023
Coupon Zen <= 1.0.5 - Cross-Site Request Forgery to Plugin Activation	CVE-2023-1089	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 23, 2023
WC Sales Notification <= 1.2.2 - Cross-Site Request Forgery to Arbitrary Plugin Activation	CVE-2023-1087	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 28, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation