Yuki Haruma

Wordfence Intelligence   >   Vulnerability Researchers   >   Yuki Haruma

Vulnerabilities Discovered:

31
All Time Discoveries
0
Discoveries since Aug 30, 2023

Showing 1-20 of 31 vulnerabilities

Easy Bet <= 1.0.2 - Authenticated(Contributor+) SQL Injection
8.8
CVE-2023-31092
Apr 26, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Cleverwise Daily Quotes <= 3.2 - Reflected Cross-Site Scripting
7.2
CVE-2023-40335
Aug 17, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Headless CMS <= 2.0.3 - Missing Authorization
6.5
CVE-2023-34186
May 30, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Display custom fields in the frontend – Post and User Profile Fields <= 1.2.0 - Missing Authorization via vg_display_data shortcode
6.5
CVE-2023-31073
Apr 24, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Art Direction <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2023-37983
Jul 12, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Plugins List <= 2.5 - Authenticated (Author+) Stored Cross-Site Scripting via replace_plugin_list_tags
6.4
CVE-2023-31232
Apr 28, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Easy Slider Revolution <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via esrcpt_slider_allow_iframes_filter
6.4
CVE-2023-28622
Apr 21, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
a3 Portfolio <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2023-29097
Apr 10, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Woocommerce Email Report <= 2.4 - Unauthenticated Cross-Site Scripting
6.1
CVE-2023-27627
Apr 21, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Woocommerce Tip/Donation <= 1.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings
5.5
CVE-2023-28783
Apr 24, 2023
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
JS Job Manager <= 2.0.0 - Cross-Site Request Forgery via multiple functions
5.4
CVE-2023-31087
Jun 2, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Smart App Banner <= 1.1.2 - Cross-Site Request Forgery via wsl_smart_app_banner_options
5.4
CVE-2023-33315
May 21, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Enhanced Plugin Admin <= 1.16 - Cross-Site Request Forgery via epa_options_page
5.4
CVE-2023-28618
Mar 21, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
SKU Label Changer For WooCommerce <= 3.0 - Missing Authorization
5.3
CVE-2023-29174
May 25, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Branded Social Images <= 1.1.0 - Missing Authorization leading to Unauthenticated Plugin Settings Updates
5.3
CVE-2023-28536
Mar 20, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Simple Staff List <= 2.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting
4.4
CVE-2023-28790
Aug 17, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-37388
Jul 5, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Side Cart Woocommerce (Ajax) <= 2.2 Authenticated(Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-28415
Jun 28, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Logo Scheduler <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-30875
Apr 26, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Redirect After Login <= 0.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
4.4
CVE-2023-27624
Apr 21, 2023
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Easy Bet <= 1.0.2 - Authenticated(Contributor+) SQL Injection CVE-2023-31092 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 26, 2023
Cleverwise Daily Quotes <= 3.2 - Reflected Cross-Site Scripting CVE-2023-40335 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N August 17, 2023
Headless CMS <= 2.0.3 - Missing Authorization CVE-2023-34186 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N May 30, 2023
Display custom fields in the frontend – Post and User Profile Fields <= 1.2.0 - Missing Authorization via vg_display_data shortcode CVE-2023-31073 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N April 24, 2023
Art Direction <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-37983 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 12, 2023
Plugins List <= 2.5 - Authenticated (Author+) Stored Cross-Site Scripting via replace_plugin_list_tags CVE-2023-31232 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 28, 2023
Easy Slider Revolution <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via esrcpt_slider_allow_iframes_filter CVE-2023-28622 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 21, 2023
a3 Portfolio <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2023-29097 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 10, 2023
Woocommerce Email Report <= 2.4 - Unauthenticated Cross-Site Scripting CVE-2023-27627 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 21, 2023
Woocommerce Tip/Donation <= 1.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings CVE-2023-28783 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N April 24, 2023
JS Job Manager <= 2.0.0 - Cross-Site Request Forgery via multiple functions CVE-2023-31087 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L June 2, 2023
Smart App Banner <= 1.1.2 - Cross-Site Request Forgery via wsl_smart_app_banner_options CVE-2023-33315 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L May 21, 2023
Enhanced Plugin Admin <= 1.16 - Cross-Site Request Forgery via epa_options_page CVE-2023-28618 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L March 21, 2023
SKU Label Changer For WooCommerce <= 3.0 - Missing Authorization CVE-2023-29174 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N May 25, 2023
Branded Social Images <= 1.1.0 - Missing Authorization leading to Unauthenticated Plugin Settings Updates CVE-2023-28536 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N March 20, 2023
Simple Staff List <= 2.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2023-28790 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N August 17, 2023
Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-37388 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N July 5, 2023
Side Cart Woocommerce (Ajax) <= 2.2 Authenticated(Administrator+) Stored Cross-Site Scripting CVE-2023-28415 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N June 28, 2023
Logo Scheduler <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-30875 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 26, 2023
Redirect After Login <= 0.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings CVE-2023-27624 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N April 21, 2023

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation