Wordfence Intelligence   >   Vulnerability Researchers   >   WPScanTeam

WPScanTeam

5
All Time Ranking
287
All Time Discoveries

Showing 101-120 of 287 Vulnerabilities

Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization
6.5
CVE-2022-4237
Dec 5, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read
6.5
CVE-2022-4236
Dec 5, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SMSA Shipping for WooCommerce <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Download
6.5
CVE-2022-4107
Nov 22, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download
6.5
CVE-2022-3762
Oct 27, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Browser and Operating System Finder <= 1.2 - Missing Authorization
6.5
CVE ID Unknown
Jun 2, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Shopping Cart & eCommerce Store <= 5.2.4 - Cross-Site Request Forgery to Settings Update
6.5
CVE ID Unknown
Mar 28, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Arbitrary Settings Change
6.5
CVE ID Unknown
Nov 3, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
SEO Redirection Plugin – 301 Redirect Manager <= 7.8 - Cross-Site Request Forgery
6.5
CVE ID Unknown
Sep 15, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update
6.5
CVE ID Unknown
Aug 30, 2021
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Jock on air now <= 5.6.1 - Cross-Site Request Forgery to Settings Update
6.5
CVE ID Unknown
Aug 18, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Elementor Addon Elements <= 1.11.7 - Cross-Site Request Forgery
6.5
CVE ID Unknown
Jul 20, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Insert or Embed Articulate Content into WordPress < 4.29991 - Directory Traversal
6.5
CVE-2019-15648
Jul 2, 2019
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
TemplatesNext ToolKit <= 3.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-0333
Jan 18, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Jetpack CRM <= 5.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2022-4497
Dec 19, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Social Slider Feed <= 2.0.4 - Authenticated (Scubscriber+) Stored Cross-Site Scripting
6.4
CVE ID Unknown
Aug 1, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
VDZ Google Analytics or Google Tag Manager / GTM <= 1.5.5 - Stored Cross-Site Scripting
6.4
CVE ID Unknown
Aug 2, 2021
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Photo Gallery by 10Web <= 1.5.78 - Stored Cross-Site Scripting via Uploaded SVG
6.4
CVE ID Unknown
Jul 19, 2021
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Settings Update
6.3
CVE ID Unknown
Jan 3, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Blog Option Update
6.3
CVE ID Unknown
Jan 3, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
MWB Point of Sale (POS) for WooCommerce <= 1.0.0 - Missing Authorization
6.3
CVE ID Unknown
Aug 10, 2021
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Title CVE ID CVSS Vector Date
Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization CVE-2022-4237 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N December 5, 2022
Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read CVE-2022-4236 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N December 5, 2022
SMSA Shipping for WooCommerce <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Download CVE-2022-4107 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N November 22, 2022
Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download CVE-2022-3762 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N October 27, 2022
Browser and Operating System Finder <= 1.2 - Missing Authorization 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L June 2, 2022
Shopping Cart & eCommerce Store <= 5.2.4 - Cross-Site Request Forgery to Settings Update 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N March 28, 2022
Event Manager and Tickets Selling Plugin for WooCommerce < 3.5.3 - Arbitrary Settings Change 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L November 3, 2021
SEO Redirection Plugin – 301 Redirect Manager <= 7.8 - Cross-Site Request Forgery 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H September 15, 2021
Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L August 30, 2021
Jock on air now <= 5.6.1 - Cross-Site Request Forgery to Settings Update 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N August 18, 2021
Elementor Addon Elements <= 1.11.7 - Cross-Site Request Forgery 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N July 20, 2021
Insert or Embed Articulate Content into WordPress < 4.29991 - Directory Traversal CVE-2019-15648 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N July 2, 2019
TemplatesNext ToolKit <= 3.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0333 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 18, 2023
Jetpack CRM <= 5.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2022-4497 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 19, 2022
Social Slider Feed <= 2.0.4 - Authenticated (Scubscriber+) Stored Cross-Site Scripting 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 1, 2022
VDZ Google Analytics or Google Tag Manager / GTM <= 1.5.5 - Stored Cross-Site Scripting 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 2, 2021
Photo Gallery by 10Web <= 1.5.78 - Stored Cross-Site Scripting via Uploaded SVG 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 19, 2021
TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Settings Update 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L January 3, 2022
TrustMate.io integration for WooCommerce < 1.8.12 - Authenticated (Subscriber+) Arbitrary Blog Option Update 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L January 3, 2022
MWB Point of Sale (POS) for WooCommerce <= 1.0.0 - Missing Authorization 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L August 10, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation