Rafie Muhammad

Security Researcher at Patchstack

Authenticated Stored XSS vulnerability in WooCommerce and Jetpack Plugin

15 November, 2023

Authenticated Stored XSS in WooCommerce and Jetpack Plugin

                xss            

                woocommerce            

                jetpack            

8 November, 2023

Arbitrary Attachment Render to XSS in Elementor Plugin

                Elementor            

                xss            

wordpress 6-3-2 security update technical analysis by patchstack

13 October, 2023

WordPress Core 6.3.2 Security Update – Technical Advisory

                WordPress core            

                security release            

12 October, 2023

Pre-Auth Arbitrary File Upload in User Submitted Posts Plugin

Critical Vulnerability

Two Path to Privilege Escalation Bugs Found In the Simple Membership Plugin

27 September, 2023

Two Paths to Privilege Escalation Vulnerability In The Simple Membership Plugin

                privilege escalation            

                simple membership            

Authenticated Privilege Escalation in Essential Addons for Elementor Plugin

15 September, 2023

Authenticated Privilege Escalation Vulnerability in Essential Addons for Elementor

                Essential Addons for Elementor            

                privilege escalation            

6 September, 2023

Unauthenticated PHP Object Injection in Flatsome Theme <= 3.17.5

                flatsome            

                php object injection            

31 August, 2023

Critical Arbitrary File Upload Patched in Forminator Plugin

                Critical Vulnerability            

                arbitrary file upload            

                forminator            

30 August, 2023

Pre-Auth Access Token Manipulation in All-in-One WP Migration Extensions

                access token            

                all-in-one wp migration            

jupiter x core vulnerability patched - patchstack social - rafie mohammad

24 August, 2023

Critical Vulnerabilities Patched in Jupiter X Core Plugin

                Critical Vulnerability            

                arbitrary file upload            

                account takeover            

                Jupiter X

10 August, 2023

Multiple High and Critical Vulnerabilities in Avada Theme and Plugin

3 August, 2023

Authenticated RCE in JetElements For Elementor Plugin

                Critical Vulnerability            

                Elementor            

                rce            

                jetelements

« Previous 1 2 3 4 5 Next »

Rafie Muhammad

Authenticated Stored XSS in WooCommerce and Jetpack Plugin

Arbitrary Attachment Render to XSS in Elementor Plugin

WordPress Core 6.3.2 Security Update – Technical Advisory

Pre-Auth Arbitrary File Upload in User Submitted Posts Plugin

Two Paths to Privilege Escalation Vulnerability In The Simple Membership Plugin

Authenticated Privilege Escalation Vulnerability in Essential Addons for Elementor

Unauthenticated PHP Object Injection in Flatsome Theme <= 3.17.5

Critical Arbitrary File Upload Patched in Forminator Plugin

Pre-Auth Access Token Manipulation in All-in-One WP Migration Extensions

Critical Vulnerabilities Patched in Jupiter X Core Plugin

Multiple High and Critical Vulnerabilities in Avada Theme and Plugin

Authenticated RCE in JetElements For Elementor Plugin

Website security

For plugin devs

For researchers

Resources

Patchstack

Socials

Website security

For plugin devs

For researchers

Resources

Patchstack

Socials