zhangyunpei

103
All Time Ranking
25
All Time Discoveries

Showing 1-20 of 25 Vulnerabilities

Title CVE ID CVSS Vector Date
Video List Manager <= 1.7 - Authenticated (Admin+) SQL Injection CVE-2023-1408 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H April 17, 2023
EU Cookie Law <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-3811 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N December 27, 2022
Multi Step Form <= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-4196 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N December 17, 2022
404 to Start <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-3855 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N December 15, 2022
WP Social Sharing <= 2.2 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-4198 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N December 7, 2022
Kwayy HTML Sitemap <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scipting CVE-2022-3835 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N December 5, 2022
Simple Basic Contact Form <= 20220207 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-4226 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N December 2, 2022
Google Apps Login <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-3840 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N December 1, 2022
Sliderby10Web <= 1.2.52 - Authenticated (Admin+) Cross-Site Scripting CVE-2022-4197 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 30, 2022
External Media <= 1.0.35 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-3832 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 28, 2022
Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-3862 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 21, 2022
Jetpack CRM <= 5.4.2 - Authenticated (Administrator+) Cross-Site Scripting CVE-2022-3919 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 21, 2022
WPUpper Share Buttons <= 3.42 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-3838 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 10, 2022
Uji Countdown <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-3837 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 10, 2022
Seed Social <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-3836 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 9, 2022
Seed Social <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-3836 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 7, 2022
WP Admin UI Customize <= 1.5.12 - Authenticated (Administrator+) Cross-Site Scripting CVE-2022-3824 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 6, 2022
Donations via PayPal <= 1.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2022-3822 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 4, 2022
Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-3823 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 3, 2022
Analytics for WP <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2022-3839 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 3, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation