Zhouyuan Yang

120
All Time Ranking
16
All Time Discoveries

16 Vulnerabilities

Title CVE ID CVSS Vector Date
Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Title & Description CVE-2022-2937 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 31, 2022
Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link CVE-2022-2936 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 31, 2022
Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL CVE-2022-2935 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 31, 2022
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor CVE-2022-2716 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 29, 2022
Ultimate SMS Notifications for WooCommerce <= 1.4.1 - CSV Injection CVE-2022-2429 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L August 29, 2022
Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title' CVE-2022-2516 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 29, 2022
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover CVE-2022-2517 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 29, 2022
Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block' CVE-2022-2430 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 29, 2022
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL CVE-2022-2934 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 29, 2022
WP Users Exporter <= 1.4.2 - CSV Injection CVE-2022-3026 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L August 29, 2022
Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via 'caption' CVE-2022-2695 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 29, 2022
WordPress Core < 5.2.3 - Reflected Cross-Site Scripting via Shortcode Previews CVE-2019-16219 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N September 5, 2019
WooCommerce <= 3.5.4 - Stored Cross-Site Scripting CVE-2019-9168 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N February 20, 2019
NextGEN Gallery <= 2.2.44 - Cross-Site Scripting via image alt and title text CVE-2018-1000172 4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N February 14, 2018
WooCommerce < 2.4.9 - Cross-site Scripting 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N November 17, 2015
Photo Gallery by 10Web <= 1.2.12 - Authenticated Cross-Site Scripting CVE-2015-2324 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N March 13, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation