🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > yuyudhn

yuyudhn

All Time Ranking

157

All Time Discoveries

About

I am passionate about cybersecurity, GNU/Linux, and open source. I have been using Debian as my daily driver since 2013. I am a fan of Evangelion and My Hero Academia. And obviously, I am a big fan of the GOAT, Cristiano Ronaldo.

Showing 81-100 of 157 Vulnerabilities

Lazy Social Comments <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Options

4.4

CVE-2023-23733

Mar 21, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Userlike <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-23734

Mar 21, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Kanban Boards for WordPress <= 2.5.21 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-23884

Mar 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

TreePress – Easy Family Trees & Ancestor Profiles <= 2.0.22 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'post_title' parameter

4.4

CVE-2023-23863

Mar 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Content Filter – Censor All Offensive Content From Your Site <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-23883

Mar 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Surbma | GDPR Proof Cookie Consent & Notice Bar <= 17.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-23894

Mar 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Hotel Booking Lite <= 4.6.0 - Cross-Site Request Forgery to Settings Update

4.3

CVE-2023-28498

Mar 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Yandex.News Feed by Teplitsa <= 1.12.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-25052

Mar 14, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Daily Prayer Time <= 2023.03.08 - Cross-Site Request Forgery

5.4

CVE-2023-27632

Mar 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Daily Prayer Time <= 2023.03.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-27631

Mar 8, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Event Espresso 4 Decaf <= 4.10.44.decaf - Feature Bypass

5.3

CVE-2023-27437

Mar 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Leyka <= 3.29.2 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-27450

Mar 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Leyka <= 3.29.2 - Cross-Site Request Forgery

5.4

CVE-2023-27442

Mar 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scritping

4.4

CVE-2023-26515

Feb 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple YouTube Responsive <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-25982

Feb 23, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Jobs for WordPress <= 2.5.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-26017

Feb 21, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization

3.8

CVE-2023-23814

Feb 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Video Gallery – YouTube Gallery <= 1.7.6 - Authenticated (Admin+) Stored Cross Site Scripting

4.4

CVE-2023-25979

Feb 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery leading to Plugin Settings Changes

4.3

CVE-2023-23705

Feb 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Protected Posts Logout Button <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting

4.4

CVE-2023-25978

Feb 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Lazy Social Comments <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Options	CVE-2023-23733	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 21, 2023
Userlike <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23734	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 21, 2023
Kanban Boards for WordPress <= 2.5.21 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23884	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 20, 2023
TreePress – Easy Family Trees & Ancestor Profiles <= 2.0.22 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'post_title' parameter	CVE-2023-23863	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 20, 2023
WP Content Filter – Censor All Offensive Content From Your Site <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23883	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 20, 2023
Surbma \| GDPR Proof Cookie Consent & Notice Bar <= 17.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-23894	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 17, 2023
Hotel Booking Lite <= 4.6.0 - Cross-Site Request Forgery to Settings Update	CVE-2023-28498	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N	March 16, 2023
Yandex.News Feed by Teplitsa <= 1.12.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-25052	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 14, 2023
Daily Prayer Time <= 2023.03.08 - Cross-Site Request Forgery	CVE-2023-27632	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	March 8, 2023
Daily Prayer Time <= 2023.03.20 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-27631	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 8, 2023
Event Espresso 4 Decaf <= 4.10.44.decaf - Feature Bypass	CVE-2023-27437	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	March 5, 2023
Leyka <= 3.29.2 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-27450	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 3, 2023
Leyka <= 3.29.2 - Cross-Site Request Forgery	CVE-2023-27442	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	March 3, 2023
Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scritping	CVE-2023-26515	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 27, 2023
Simple YouTube Responsive <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-25982	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 23, 2023
Jobs for WordPress <= 2.5.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-26017	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 21, 2023
CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization	CVE-2023-23814	3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N	February 20, 2023
Video Gallery – YouTube Gallery <= 1.7.6 - Authenticated (Admin+) Stored Cross Site Scripting	CVE-2023-25979	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 20, 2023
WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery leading to Plugin Settings Changes	CVE-2023-23705	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 20, 2023
Protected Posts Logout Button <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting	CVE-2023-25978	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 20, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation