13
All Time Ranking
157
All Time Discoveries

About

I am passionate about cybersecurity, GNU/Linux, and open source. I have been using Debian as my daily driver since 2013. I am a fan of Evangelion and My Hero Academia. And obviously, I am a big fan of the GOAT, Cristiano Ronaldo.

Showing 1-20 of 157 Vulnerabilities

Title CVE ID CVSS Vector Date
Automatic Youtube Video Posts Plugin <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings CVE-2023-49180 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 29, 2023
SoundCloud Shortcode <= 3.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-34018 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N November 27, 2023
BZScore – Live Score <= 1.03 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2023-47654 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N November 7, 2023
ANAC XML Bandi di Gara <= 7.5 - Cross-Site Request Forgery via settings.php CVE-2023-47655 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N November 7, 2023
ANAC XML Bandi di Gara <= 7.5 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2023-47656 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 7, 2023
Pinyin Slugs <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-47511 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N November 7, 2023
Layer Slider <= 1.1.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-47228 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N November 3, 2023
Post Sliders & Post Grids <= 1.0.20 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-47226 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N November 3, 2023
Comments Ratings <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-23702 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N November 3, 2023
Social Feed | All social media in one place <= 1.5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting] CVE-2023-47227 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N November 3, 2023
BuddyPress Global Search <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-45755 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N October 12, 2023
which template file <= 4.8.0 - Cross-Site Request Forgery CVE-2023-45753 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N October 12, 2023
LeadSquared Suite <= 0.7.4 - Cross-Site Request Forgery CVE-2023-45047 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L October 3, 2023
YouTube Playlist Player <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-45049 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 3, 2023
Social proof testimonials and reviews by Repuso <= 5.01 - Cross-Site Request Forgery CVE-2023-45048 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L October 3, 2023
Image vertical reel scroll slideshow <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-45051 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N October 3, 2023
Timely Booking Button <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-44987 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N October 2, 2023
Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2023-44230 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 28, 2023
Tiny Carousel Horizontal Slider <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-44229 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 28, 2023
Onclick Show Popup <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-44228 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N September 28, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation