🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > yuyudhn

yuyudhn

All Time Ranking

157

All Time Discoveries

About

I am passionate about cybersecurity, GNU/Linux, and open source. I have been using Debian as my daily driver since 2013. I am a fan of Evangelion and My Hero Academia. And obviously, I am a big fan of the GOAT, Cristiano Ronaldo.

Showing 61-80 of 157 Vulnerabilities

Worthy – VG WORT Integration für WordPress <= 1.6.5-6497609 - Cross-Site Request Forgery

5.4

CVE-2023-24417

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Daily Prayer Time <= 2023.03.08 - Cross-Site Request Forgery

5.4

CVE-2023-27632

Mar 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Leyka <= 3.29.2 - Cross-Site Request Forgery

5.4

CVE-2023-27442

Mar 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via save function

5.4

CVE-2023-25481

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via process_form function

5.4

CVE-2023-25481

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Very Simple Google Maps <= 2.8.4 - Authenticated (Contributor+) Stored Cross Site Scripting

5.4

CVE-2023-23864

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Sunshine Photo Cart <= 2.9.25 - Insecure Direct Object Reference to Order Manipulation

5.3

CVE-2023-41796

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Pinpoint Booking System <= 2.9.9.3.4 - Content Spoofing

5.3

CVE-2023-38520

Jul 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EventPrime <= 2.8.6 - Sensitive Information Exposure

5.3

CVE-2023-33321

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Multi Rating <= 5.0.6 - Missing Authorization to Arbitrary Ratings Value Change

5.3

CVE-2023-32127

May 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Libsyn Publisher Hub <= 1.3.2 - Sensitive Information Exposure

5.3

CVE-2023-25057

Apr 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Event Espresso 4 Decaf <= 4.10.44.decaf - Feature Bypass

5.3

CVE-2023-27437

Mar 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation

5.3

CVE-2023-25785

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Quiz Maker <= 6.3.9.4 - Content Spoofing

5.3

CVE-2023-23985

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

My Tickets <= 1.9.11 - Authorization Bypass

5.3

CVE-2023-23988

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

RegistrationMagic <= 5.1.9.2 - Missing Authorization to Unauthenticated Content Injection

5.3

CVE-2023-23989

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

RegistrationMagic <= 5.1.9.2 - Improper Authorization to Price Change

5.3

CVE-2023-23976

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter

5.0

CVE-2023-33310

May 22, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

SoundCloud Shortcode <= 3.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-34018

Nov 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Pinyin Slugs <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-47511

Nov 7, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Worthy – VG WORT Integration für WordPress <= 1.6.5-6497609 - Cross-Site Request Forgery	CVE-2023-24417	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	May 30, 2023
Daily Prayer Time <= 2023.03.08 - Cross-Site Request Forgery	CVE-2023-27632	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	March 8, 2023
Leyka <= 3.29.2 - Cross-Site Request Forgery	CVE-2023-27442	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	March 3, 2023
Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via save function	CVE-2023-25481	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 15, 2023
Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via process_form function	CVE-2023-25481	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 15, 2023
Very Simple Google Maps <= 2.8.4 - Authenticated (Contributor+) Stored Cross Site Scripting	CVE-2023-23864	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	January 20, 2023
Sunshine Photo Cart <= 2.9.25 - Insecure Direct Object Reference to Order Manipulation	CVE-2023-41796	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 5, 2023
Pinpoint Booking System <= 2.9.9.3.4 - Content Spoofing	CVE-2023-38520	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 20, 2023
EventPrime <= 2.8.6 - Sensitive Information Exposure	CVE-2023-33321	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 22, 2023
Multi Rating <= 5.0.6 - Missing Authorization to Arbitrary Ratings Value Change	CVE-2023-32127	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 4, 2023
Libsyn Publisher Hub <= 1.3.2 - Sensitive Information Exposure	CVE-2023-25057	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	April 4, 2023
Event Espresso 4 Decaf <= 4.10.44.decaf - Feature Bypass	CVE-2023-27437	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	March 5, 2023
WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation	CVE-2023-25785	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 15, 2023
Quiz Maker <= 6.3.9.4 - Content Spoofing	CVE-2023-23985	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 20, 2023
My Tickets <= 1.9.11 - Authorization Bypass	CVE-2023-23988	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	January 20, 2023
RegistrationMagic <= 5.1.9.2 - Missing Authorization to Unauthenticated Content Injection	CVE-2023-23989	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 20, 2023
RegistrationMagic <= 5.1.9.2 - Improper Authorization to Price Change	CVE-2023-23976	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 20, 2023
Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter	CVE-2023-33310	5.0	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N	May 22, 2023
SoundCloud Shortcode <= 3.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-34018	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	November 27, 2023
Pinyin Slugs <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-47511	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	November 7, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation