🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > yuyudhn

yuyudhn

All Time Ranking

157

All Time Discoveries

About

I am passionate about cybersecurity, GNU/Linux, and open source. I have been using Debian as my daily driver since 2013. I am a fan of Evangelion and My Hero Academia. And obviously, I am a big fan of the GOAT, Cristiano Ronaldo.

Showing 141-157 of 157 Vulnerabilities

Image and Video Lightbox, Image Popup <= 2.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-24004

Jan 23, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

ANAC XML Bandi di Gara <= 7.5 - Cross-Site Request Forgery via settings.php

4.3

CVE-2023-47655

Nov 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

which template file <= 4.8.0 - Cross-Site Request Forgery

4.3

CVE-2023-45753

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

SendPress Newsletters <= 1.23.11.6 - Cross-Site Request Forgery

4.3

CVE-2023-41730

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

TS Webfonts for さくらのレンタルサーバ <= 3.1.1 - Cross-Site Request Forgery

4.3

CVE-2023-34169

May 31, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Multi Rating <= 5.0.6 - Cross-Site Request Forgery to Arbitrary Ratings Value Change

4.3

CVE-2023-32125

May 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Comments Ratings <= 1.1.6 - Cross-Site Request Forgery

4.3

CVE-2023-23704

Apr 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Hotel Booking Lite <= 4.6.0 - Cross-Site Request Forgery to Settings Update

4.3

CVE-2023-28498

Mar 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery leading to Plugin Settings Changes

4.3

CVE-2023-23705

Feb 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WordPress Email Marketing Plugin – WP Email Capture <= 3.9.3 - Cross Site Request Forgery

4.3

CVE-2023-23724

Feb 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Podlove Podcast Publisher <= 3.8.3 - Cross-Site Request Forgery

4.3

CVE-2023-25472

Feb 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Booking calendar, Appointment Booking System <= 3.2.3 - Cross-Site Request Forgery

4.3

CVE-2023-24388

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Organization chart <= 1.4.4 - Cross-Site Request Forgery

4.3

CVE-2023-24384

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Responsive Vertical Icon Menu <= 1.5.8 - Cross-Site Request Forgery

4.3

CVE-2023-23983

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Category Specific RSS feed Subscription <= 2.1 - Cross-Site Request Forgery

4.3

CVE-2023-22691

Jan 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks

4.1

CVE-2023-23895

Jan 20, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization

3.8

CVE-2023-23814

Feb 20, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Image and Video Lightbox, Image Popup <= 2.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-24004	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 23, 2023
ANAC XML Bandi di Gara <= 7.5 - Cross-Site Request Forgery via settings.php	CVE-2023-47655	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 7, 2023
which template file <= 4.8.0 - Cross-Site Request Forgery	CVE-2023-45753	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
SendPress Newsletters <= 1.23.11.6 - Cross-Site Request Forgery	CVE-2023-41730	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 5, 2023
TS Webfonts for さくらのレンタルサーバ <= 3.1.1 - Cross-Site Request Forgery	CVE-2023-34169	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 31, 2023
Multi Rating <= 5.0.6 - Cross-Site Request Forgery to Arbitrary Ratings Value Change	CVE-2023-32125	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 4, 2023
Comments Ratings <= 1.1.6 - Cross-Site Request Forgery	CVE-2023-23704	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 7, 2023
Hotel Booking Lite <= 4.6.0 - Cross-Site Request Forgery to Settings Update	CVE-2023-28498	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N	March 16, 2023
WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery leading to Plugin Settings Changes	CVE-2023-23705	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 20, 2023
WordPress Email Marketing Plugin – WP Email Capture <= 3.9.3 - Cross Site Request Forgery	CVE-2023-23724	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 15, 2023
Podlove Podcast Publisher <= 3.8.3 - Cross-Site Request Forgery	CVE-2023-25472	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 10, 2023
Booking calendar, Appointment Booking System <= 3.2.3 - Cross-Site Request Forgery	CVE-2023-24388	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 27, 2023
Organization chart <= 1.4.4 - Cross-Site Request Forgery	CVE-2023-24384	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 27, 2023
Responsive Vertical Icon Menu <= 1.5.8 - Cross-Site Request Forgery	CVE-2023-23983	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 20, 2023
Category Specific RSS feed Subscription <= 2.1 - Cross-Site Request Forgery	CVE-2023-22691	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 20, 2023
WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks	CVE-2023-23895	4.1	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L	January 20, 2023
CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization	CVE-2023-23814	3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N	February 20, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation