🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > zhangyunpei

zhangyunpei

All Time Ranking

All Time Discoveries

Showing 1-20 of 25 Vulnerabilities

Video List Manager <= 1.7 - Authenticated (Admin+) SQL Injection

7.2

CVE-2023-1408

Apr 17, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EU Cookie Law <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-3811

Dec 27, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Multi Step Form <= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-4196

Dec 17, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

404 to Start <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-3855

Dec 15, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Social Sharing <= 2.2 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-4198

Dec 7, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Kwayy HTML Sitemap <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scipting

5.5

CVE-2022-3835

Dec 5, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple Basic Contact Form <= 20220207 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-4226

Dec 2, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Google Apps Login <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-3840

Dec 1, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Sliderby10Web <= 1.2.52 - Authenticated (Admin+) Cross-Site Scripting

5.5

CVE-2022-4197

Nov 30, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

External Media <= 1.0.35 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-3832

Nov 28, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-3862

Nov 21, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Jetpack CRM <= 5.4.2 - Authenticated (Administrator+) Cross-Site Scripting

5.5

CVE-2022-3919

Nov 21, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WPUpper Share Buttons <= 3.42 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-3838

Nov 10, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Uji Countdown <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-3837

Nov 10, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Seed Social <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-3836

Nov 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Seed Social <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-3836

Nov 7, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Admin UI Customize <= 1.5.12 - Authenticated (Administrator+) Cross-Site Scripting

5.5

CVE-2022-3824

Nov 6, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Donations via PayPal <= 1.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-3822

Nov 4, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-3823

Nov 3, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Analytics for WP <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-3839

Nov 3, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Video List Manager <= 1.7 - Authenticated (Admin+) SQL Injection	CVE-2023-1408	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 17, 2023
EU Cookie Law <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-3811	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 27, 2022
Multi Step Form <= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-4196	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 17, 2022
404 to Start <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-3855	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 15, 2022
WP Social Sharing <= 2.2 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-4198	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 7, 2022
Kwayy HTML Sitemap <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scipting	CVE-2022-3835	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 5, 2022
Simple Basic Contact Form <= 20220207 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-4226	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 2, 2022
Google Apps Login <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-3840	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	December 1, 2022
Sliderby10Web <= 1.2.52 - Authenticated (Admin+) Cross-Site Scripting	CVE-2022-4197	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 30, 2022
External Media <= 1.0.35 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-3832	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 28, 2022
Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-3862	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 21, 2022
Jetpack CRM <= 5.4.2 - Authenticated (Administrator+) Cross-Site Scripting	CVE-2022-3919	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 21, 2022
WPUpper Share Buttons <= 3.42 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-3838	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 10, 2022
Uji Countdown <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-3837	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 10, 2022
Seed Social <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-3836	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 9, 2022
Seed Social <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-3836	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 7, 2022
WP Admin UI Customize <= 1.5.12 - Authenticated (Administrator+) Cross-Site Scripting	CVE-2022-3824	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 6, 2022
Donations via PayPal <= 1.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-3822	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 4, 2022
Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-3823	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 3, 2022
Analytics for WP <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-3839	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 3, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation