Yuki Haruma

Title	CVE ID	CVSS	Vector	Date
JS Job Manager <= 2.0.0 - Cross-Site Request Forgery via multiple functions	CVE-2023-31087	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	June 2, 2023
Floating Action Button <= <=1.2.1 - Cross-Site Request Forgery	CVE-2023-31088	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 31, 2023
Headless CMS <= 2.0.3 - Missing Authorization	CVE-2023-34186	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	May 30, 2023
SKU Label Changer For WooCommerce <= 3.0 - Missing Authorization	CVE-2023-29174	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 25, 2023
Smart App Banner <= 1.1.2 - Cross-Site Request Forgery via wsl_smart_app_banner_options	CVE-2023-33315	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	May 21, 2023
CALL ME NOW <= 3.0 - Cross-Site Request Forgery	CVE-2023-32602	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 12, 2023
Plugins List <= 2.5 - Authenticated (Author+) Stored Cross-Site Scripting via replace_plugin_list_tags	CVE-2023-31232	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 28, 2023
Easy Bet <= 1.0.2 - Authenticated(Contributor+) SQL Injection	CVE-2023-31092	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 26, 2023
Logo Scheduler <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-30875	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 26, 2023
Display custom fields in the frontend – Post and User Profile Fields <= 1.2.0 - Missing Authorization via vg_display_data shortcode	CVE-2023-31073	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	April 24, 2023
Woocommerce Tip/Donation <= 1.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings	CVE-2023-28783	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 24, 2023
Redirect After Login <= 0.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	CVE-2023-27624	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 21, 2023
eRocket <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-28174	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 21, 2023
Cab Grid <= 1.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-28533	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 21, 2023
GPS Plotter <= 5.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-30874	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 21, 2023
Dave's WordPress Live Search <= 4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-30876	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 21, 2023
Easy Slider Revolution <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via esrcpt_slider_allow_iframes_filter	CVE-2023-28622	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 21, 2023
Woocommerce Email Report <= 2.4 - Unauthenticated Cross-Site Scripting	CVE-2023-27627	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 21, 2023
Captcha Them All <= 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-30786	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 18, 2023
ApexChat <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	CVE-2023-28414	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 18, 2023

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation