Yuki Haruma

Vulnerabilities Discovered:

25
All Time Discoveries
6
Discoveries since May 11, 2023

Showing 1-20 of 25 vulnerabilities

Title CVE ID CVSS Vector Date
JS Job Manager <= 2.0.0 - Cross-Site Request Forgery via multiple functions CVE-2023-31087 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L June 2, 2023
Floating Action Button <= <=1.2.1 - Cross-Site Request Forgery CVE-2023-31088 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 31, 2023
Headless CMS <= 2.0.3 - Missing Authorization CVE-2023-34186 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N May 30, 2023
SKU Label Changer For WooCommerce <= 3.0 - Missing Authorization CVE-2023-29174 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 25, 2023
Smart App Banner <= 1.1.2 - Cross-Site Request Forgery via wsl_smart_app_banner_options CVE-2023-33315 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L May 21, 2023
CALL ME NOW <= 3.0 - Cross-Site Request Forgery CVE-2023-32602 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N May 12, 2023
Plugins List <= 2.5 - Authenticated (Author+) Stored Cross-Site Scripting via replace_plugin_list_tags CVE-2023-31232 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 28, 2023
Easy Bet <= 1.0.2 - Authenticated(Contributor+) SQL Injection CVE-2023-31092 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 26, 2023
Logo Scheduler <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-30875 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 26, 2023
Display custom fields in the frontend – Post and User Profile Fields <= 1.2.0 - Missing Authorization via vg_display_data shortcode CVE-2023-31073 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N April 24, 2023
Woocommerce Tip/Donation <= 1.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings CVE-2023-28783 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N April 24, 2023
Redirect After Login <= 0.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-27624 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
eRocket <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28174 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
Cab Grid <= 1.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-28533 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
GPS Plotter <= 5.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-30874 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
Dave's WordPress Live Search <= 4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-30876 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023
Easy Slider Revolution <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via esrcpt_slider_allow_iframes_filter CVE-2023-28622 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 21, 2023
Woocommerce Email Report <= 2.4 - Unauthenticated Cross-Site Scripting CVE-2023-27627 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 21, 2023
Captcha Them All <= 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-30786 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 18, 2023
ApexChat <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-28414 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 18, 2023

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation