Alliance bounty program
About Alliance Leaderboard Vulnerability database WordPress security
Login

Rafie Muhammad (Patchstack)

0
0
0
0
Twitter Github Website
28 November, 2022
Alliance XP
4006.44
Contributions
114
Contributions 114
Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

████

███████ █████ ████████████████████████████████████████████████████████

+5 AXP

7.6

Pending

████

███████ █████ ███████████████████████████████████

+14 AXP

7.1

Pending

████

███████ █████ ██████████████████████████████████████████

+105 AXP

7.5

Pending

████

███████ █████ █████████████████████████████████████████████████

+105 AXP

7.5

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+12 AXP

4.3

Pending

████

███████ █████ ██████████████████████████████████████████

+50 AXP

6.5

Pending

████

██████████████ █████ ██████████████████████████████████████████

+116 AXP

5.8

Pending

████

██████████████ █████ █████████████████████████████████████████████████

+69 AXP

5.8

Pending

████

██████████████ █████ ███████████████████████████████████

+74 AXP

9.9

Pending

████

███████ █████ █████████████████████████████████████████████████

+31 AXP

8.3

Pending

████

███████ █████ ██████████████████████████████████████████

+48 AXP

5.4

Pending

████

██████████████ █████ ██████████████████████████████████████████

+24 AXP

6.5

Pending

████

███████ █████ ██████████████████████████████████████████

+9 AXP

6.5

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+10 AXP

7.1

Pending

████

██████████████ █████ ███████████████████████████████████

+19 AXP

6.5

Pending

████

███████ █████ █████████████████████████████████████████████████

+21 AXP

7.1

Pending

████

██████████████ █████ ███████████████████████████████████

+14 AXP

6.5

Pending

████

█████████████████████ █████ ████████████████████████████████████████████████████████

+14 AXP

6.5

Pending

Plugin

WooCommerce Box Office <= 1.1.51 Unauthenticated Save Ticket Barcode vulnerability

+13 AXP

6.5

7 days ago

Plugin

WooCommerce Box Office <= 1.1.50 Contributor+ Stored Cross Site Scripting (XSS) vulnerability

+4.88 AXP

6.5

2 June, 2023

Plugin

Premium Addons PRO <= 2.8.24 Reflected Cross Site Scripting (XSS) vulnerability

+42.6 AXP

7.1

2 June, 2023

Plugin

Tutor LMS <= 2.1.10 Unauthenticated SQL Injection vulnerability

+73.8 AXP

8.2

30 May, 2023

Plugin

Tutor LMS <= 2.2.0 Multiple Student+ SQL Injection vulnerability

+36.45 AXP

8.1

30 May, 2023

Plugin

Tutor LMS <= 2.1.10 Multiple Tutor Instructor+ SQL Injection vulnerability

+31.95 AXP

7.1

30 May, 2023

Plugin

Gravity Forms <= 2.7.3 Unauthenticated PHP Object Injection vulnerability

+116.2 AXP

8.3

29 May, 2023

Plugin

Tutor LMS <= 2.2.1 Multiple Broken Access Control vulnerabilities

+24.9 AXP

8.3

24 May, 2023

Plugin

WooCommerce Product Vendors <= 2.1.76 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

24 May, 2023

Plugin

WooCommerce Product Vendors <= 2.1.76 Vendor Admin+ SQL Injection vulnerability

+12.75 AXP

8.5

24 May, 2023

Plugin

WooCommerce Follow-Up Emails <= 4.9.50 Up Emails plugin <= 4.9.50 FollowUp Emails Manager+ SQL Injection vulnerability

+12.75 AXP

8.5

24 May, 2023

Plugin

Yoast SEO: Local <= 14.9 Cross Site Scripting (XSS) vulnerability

+4.88 AXP

6.5

24 May, 2023

Plugin

Elementor Website Builder <= 3.13.2 Broken Access Control vulnerability

+37.09 AXP

4.3

24 May, 2023

Plugin

Rank Math SEO PRO <= 3.0.35 Reflected Cross Site Scripting (XSS) vulnerability

+71 AXP

7.1

22 May, 2023

Plugin

Contact Form Entries <= 1.3.0 Cross Site Scripting (XSS) vulnerability

+14.63 AXP

6.5

22 May, 2023

Plugin

Contact Form Entries <= 1.3.0 Auth. SQL Injection (SQLi) vulnerability

+28.69 AXP

8.5

22 May, 2023

Plugin

WooCommerce Warranty Requests <= 2.1.6 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

22 May, 2023

Plugin

WooCommerce Follow-Up Emails <= 4.9.40 Up Emails plugin <= 4.9.40 Arbitrary File Upload vulnerability

+19.8 AXP

9.9

22 May, 2023

Plugin

WooCommerce Follow-Up Emails <= 4.9.40 Up Emails plugin <= 4.9.40 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

22 May, 2023

Plugin

WooCommerce Follow-Up Emails <= 4.9.40 Up Emails plugin <= 4.9.40 Multiple Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

22 May, 2023

Plugin

LearnDash LMS <= 4.5.3 Auth. SQL Injection (SQLi) vulnerability

+28.69 AXP

8.5

22 May, 2023

Plugin

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.60 Unrestricted Zip Extraction vulnerability

+37.13 AXP

9.9

22 May, 2023

Plugin

Duplicator Pro <= 4.5.11 Reflected Cross Site Scripting (XSS) vulnerability

+56.8 AXP

7.1

22 May, 2023

Plugin

UpdraftPlus <= 1.23.3 CSRF lead to wpadmin Site Wide XSS vulnerability

+28.4 AXP

7.1

18 May, 2023

Plugin

Easy Forms for Mailchimp <= 6.8.8 Cross Site Scripting (XSS) vulnerability

+46.4 AXP

5.8

17 May, 2023

Plugin

Chaty <= 3.0.9 Cross Site Scripting (XSS) vulnerability

+35.5 AXP

7.1

16 May, 2023

Plugin

WooCommerce Product Add-ons <= 6.1.3 ons plugin <= 6.1.3 Authenticated PHP Object Injection vulnerability

+12.3 AXP

8.2

15 May, 2023

Plugin

WooCommerce Product Add-ons <= 6.1.3 ons plugin <= 6.1.3 Cross Site Request Forgery (CSRF) vulnerability

+8.1 AXP

5.4

15 May, 2023

Plugin

WooCommerce Bookings <= 1.15.78 Insecure Direct Object References (IDOR) vulnerability

+5.4 AXP

5.4

15 May, 2023

Plugin

AutomateWoo <= 5.7.1 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

15 May, 2023

Plugin

WooCommerce Brands <= 1.6.45 Contributor+ Stored Cross Site Scripting (XSS) vulnerability

+4.88 AXP

6.5

15 May, 2023

Plugin

WooCommerce Pre-Orders <= 2.0.0 Orders plugin <= 2.0.0 Contributor+ Stored Cross Site Scripting (XSS) vulnerability

+4.88 AXP

6.5

15 May, 2023

Plugin

AutomateWoo <= 5.7.1 Shop Manager+ SQL Injection vulnerability

+5.7 AXP

7.6

15 May, 2023

Plugin

WooCommerce Pre-Orders <= 1.9.0 Orders plugin <= 1.9.0 Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

15 May, 2023

Plugin

WooCommerce Composite Products <= 8.7.5 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

15 May, 2023

Plugin

WooCommerce Ship to Multiple Addresses <= 3.8.3 Insecure Direct Object References (IDOR) vulnerability

+6.5 AXP

6.5

15 May, 2023

Plugin

WooCommerce Product Recommendations < 2.3.0 Cross Site Request Forgery (CSRF) vulnerability

+2.7 AXP

5.4

15 May, 2023

Plugin

Essential Addons for Elementor Pro <= 5.4.8 Reflected Cross Site Scripting (XSS) vulnerability

+56.8 AXP

7.1

15 May, 2023

Plugin

Essential Addons for Elementor Pro <= 5.4.8 Unauthenticated Server Side Request Forgery (SSRF) vulnerability

+49.68 AXP

5.4

15 May, 2023

Plugin

Slimstat Analytics <= 5.0.4 SQL Injection (SQLi) vulnerability

+0 AXP

8.8

11 May, 2023

Plugin

Slimstat Analytics <= 5.0.4 Reflected CrossSite Scripting (XSS) vulnerability

+56.8 AXP

7.1

11 May, 2023

Plugin

Bookly <= 21.7.1 Authenticated Arbitrary File Deletion vulnerability

+34.65 AXP

7.7

11 May, 2023

Plugin

Essential Addons for Elementor 5.4.0-5.7.1 5.7.1 Unauthenticated Privilege Escalation vulnerability

+236.67 AXP

9.8

11 May, 2023

Plugin

Download Monitor <= 4.7.60 Sensitive Data Exposure vulnerability

+21.2 AXP

5.3

10 May, 2023

Plugin

Google Analytics by Monster Insights <= 8.14.0 Cross Site Scripting (XSS) vulnerability

+52 AXP

6.5

10 May, 2023

Plugin

GiveWP <= 2.25.3 Donation Plugin plugin <= 2.25.3 PHP Object Injection vulnerability

+60 AXP

7.5

9 May, 2023

Plugin

ExactMetrics <= 7.14.1 Cross Site Scripting (XSS) vulnerability

+39 AXP

6.5

9 May, 2023

Plugin

Yoast SEO Premium <= 20.4 Unauthenticated Zapier API Key Reset vulnerability

+106 AXP

5.3

9 May, 2023

Plugin

Yoast SEO: Local <= 14.8 Cross Site Request Forgery (CSRF) vulnerability

+3.25 AXP

6.5

9 May, 2023

Plugin

Yoast SEO: Local <= 14.8 Reflected Cross Site Scripting (XSS) vulnerability

+14.2 AXP

7.1

9 May, 2023

Theme

Flatsome <= 3.16.8 Reflected Cross Site Scripting (XSS) vulnerability

+71 AXP

7.1

9 May, 2023

Theme

Divi <= 4.20.2 Contributor+ Cross Site Scripting (XSS) vulnerability

+44.85 AXP

6.5

9 May, 2023

Plugin

Advanced Custom Fields PRO <= 6.1.5 Reflected Cross Site Scripting (XSS) vulnerability

+71 AXP

7.1

5 May, 2023

Plugin

Advanced Custom Fields <= 6.1.5 Reflected Cross Site Scripting (XSS) vulnerability

+113.6 AXP

7.1

5 May, 2023

Theme

JupiterX <= 3.0.0 Auth. Local File Inclusion vulnerability

+69.92 AXP

7.6

3 May, 2023

Plugin

YARPP <= 5.30.3 Local File Inclusion

+46.2 AXP

7.7

18 April, 2023

Plugin

Quiz And Survey Master <= 8.1.4 Unauthenticated SQL Injection vulnerability

+55.8 AXP

9.3

16 April, 2023

Theme

Betheme <= 26.7.5 Reflected Cross Site Scripting (XSS) vulnerability

+81.65 AXP

7.1

13 April, 2023

Plugin

MapPress Maps for WordPress <= 2.85.4 Authenticated SQL Injection vulnerability

+23.96 AXP

7.1

6 April, 2023

Theme

The7 <= 11.6.0 Reflected Cross Site Scripting (XSS) vulnerability

+81.65 AXP

7.1

6 April, 2023

Plugin

GiveWP <= 2.25.2 Cross Site Request Forgery (CSRF) vulnerability

+0 AXP

6.3

27 March, 2023

Plugin

User Registration <= 2.3.2.1 Authenticated PHP Object Injection vulnerability

+22.2 AXP

7.4

21 March, 2023

Plugin

SEO Plugin by Squirrly SEO <= 12.1.20 Broken Access Control vulnerability

+0 AXP

6.3

17 March, 2023

Plugin

SEO Plugin by Squirrly SEO <= 12.1.20 Reflected CrossSite Scripting (XSS) vulnerability

+7.1 AXP

7.1

17 March, 2023

Plugin

WP Google Map Plugin <= 4.4.2 CrossSite Request Forgery (CSRF)

+0 AXP

5.4

13 March, 2023

Plugin

GiveWP <= 2.25.1 Cross Site Scripting (XSS) via render_dropdown vulnerability

+11.8 AXP

5.9

10 March, 2023

Plugin

GiveWP <= 2.25.1 Server Side Request Forgery (SSRF) vulnerability

+22 AXP

5.5

10 March, 2023

Plugin

Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 Cross Site Scripting (XSS) vulnerability

+45.5 AXP

6.5

2 March, 2023

Plugin

Dokan <= 3.7.12 Authenticated SQL Injection vulnerability

+31.95 AXP

7.1

2 March, 2023

Theme

OceanWP <= 3.4.1 Authenticated Local File Inclusion vulnerability

+91.2 AXP

7.6

27 February, 2023

Plugin

ProfilePress <= 4.5.4 Cross Site Scripting (XSS) vulnerability

+35.5 AXP

7.1

21 February, 2023

Plugin

ProfilePress <= 4.5.4 Cross Site Scripting (XSS) vulnerability

+32.5 AXP

6.5

20 February, 2023

Plugin

Ocean Extra <= 2.1.2 Cross Site Scripting (XSS) vulnerability

+24.75 AXP

5.5

15 February, 2023

Plugin

Shortcodes Ultimate <= 5.12.6 Server Side Request Forgery (SSRF) vulnerability

+31.95 AXP

7.1

10 February, 2023

Plugin

Shortcodes Ultimate <= 5.12.6 Arbitrary File Download vulnerability

+47.93 AXP

7.1

10 February, 2023

Plugin

Shortcodes Ultimate <= 5.12.6 Cross Site Scripting (XSS) vulnerability

+29.25 AXP

6.5

10 February, 2023

Plugin

Rank Math SEO <= 1.0.107.2 Local File Inclusion vulnerability

+53.2 AXP

7.6

10 February, 2023

Plugin

Plugin for Google Reviews <= 2.2.3 Auth. SQL Injection (SQLi) vulnerability

+36.4 AXP

9.1

8 February, 2023

Plugin

Redirection for Contact Form 7 <= 2.7.0 Privilege Escalation vulnerability

+38 AXP

7.6

6 February, 2023

Plugin

WP Statistics <= 13.2.10 Multiple Authenticated SQL Injection vulnerabilities

+0 AXP

9.9

31 January, 2023

Plugin

Loginizer <= 1.7.5 Unauth. Reflected CrossSite Scripting (XSS) vulnerability

+44.1 AXP

7.1

5 December, 2022

Plugin

Loginizer <= 1.7.5 CrossSite Request Forgery (CSRF) vulnerability

+32.9 AXP

4.7

5 December, 2022

Plugin

All In One WP Security & Firewall <= 5.1.0 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

22 November, 2022

Plugin

wpForo Forum <= 2.0.9 Arbitrary File Upload vulnerability

+9.9 AXP

9.9

9 November, 2022

Plugin

All in One SEO Pro <= 4.2.5.1 Server Side Request Forgery (SSRF) vulnerability

3.0

28 October, 2022

Plugin

SEO Plugin by Squirrly SEO <= 12.1.10 Auth. Arbitrary File Upload vulnerability

8.8

25 October, 2022

Plugin

Sucuri Security <= 1.8.33 CrossSite Request Forgery (CSRF) vulnerability

2.3

14 September, 2022

Plugin

All In One SEO Pack <= 4.2.3.1 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

+0 AXP

5.4

5 September, 2022

Plugin

Rank Math SEO <= 1.0.95 ServerSide Request Forgery (SSRF) vulnerability

6.8

12 August, 2022

Plugin

Directorist <= 7.2.2 Authenticated Arbitrary File Upload vulnerability

4.9

18 July, 2022

Plugin

GiveWP <= 2.20.2 Authenticated Arbitrary File Read via Export function vulnerability

5.5

12 July, 2022

Plugin

GiveWP <= 2.20.2 Authenticated Arbitrary File Creation via Export function vulnerability

9.1

12 July, 2022

Plugin

WP Visitor Statistics (Real Time Traffic) <= 5.7 Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities

9.3

5 July, 2022

Plugin

Popup Builder <= 4.1.11 CrossSite Request Forgery (CSRF) leading to plugin settings update

5.4

30 June, 2022

Plugin

WP Meta SEO <= 4.4.8 Social Settings Update via CrossSite Request Forgery (CSRF) vulnerability

5.4

28 June, 2022

Plugin

Download Manager <= 3.2.42 Reflected CrossSite Scripting (XSS) vulnerability

6.1

7 June, 2022

Back to top

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugins NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022 NEW

Social

DPA Privacy Policy Terms & Conditions © 2023 Patchstack

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugins NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022 NEW

Social

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close