Alliance bounty program
About Alliance Leaderboard Vulnerability database WordPress security
Login

Rasi

0
0
0
0
Twitter Github Website
28 November, 2022
Rasi
Alliance XP
0
Total reports
31
Reports, last 90 days
0
Contributions 31
Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

Plugin

WordPress Countdown Widget <= 3.1.9.1 CrossSite Request Forgery (CSRF) leading to CrossSite Scripting (XSS)

6.1

23 November, 2022

Plugin

Mantenimiento web <= 0.13 CrossSite Request Forgery (CSRF) vulnerability leading to Stored CrossSite Scripting (XSS)

6.1

31 October, 2022

Plugin

Forms by CaptainForm <= 2.5.3 CrossSite Request Forgery (CSRF) vulnerability

5.4

29 October, 2022

Plugin

Auto Upload Images <= 3.3 CrossSite Request Forgery (CSRF) vulnerability leading to Stored CrossSite Scripting (XSS)

+0 AXP

6.1

24 October, 2022

Plugin

Media Library Folders <= 7.1.1 CrossSite Request Forgery (CSRF) vulnerability

5.4

30 September, 2022

Plugin

OSM – OpenStreetMap <= 6.0.2 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

4.3

30 September, 2022

Plugin

HREFLANG Tags Lite <= 2.0.0 Unauthenticated Plugin Data Reset vulnerability

6.5

29 September, 2022

Plugin

Oceanwp sticky header <= 1.0.8 CrossSite Request Forgery (CSRF) vulnerability

4.3

27 September, 2022

Plugin

Advance WordPress Search Plugin <= 1.1.4 Unauthenticated Plugin Settings Change vulnerability

+0 AXP

6.5

27 September, 2022

Plugin

Advance WordPress Search Plugin <= 1.1.9 Unauthenticated Plugin Settings Reset vulnerability

+0 AXP

6.5

27 September, 2022

Plugin

Kraken.io Image Optimizer <= 2.6.5 CrossSite Request Forgery (CSRF) vulnerability

5.4

23 September, 2022

Plugin

3D Tag Cloud <= 3.8 Multiple Stored CrossSite Scripting (XSS) via CrossSite Request Forgery (CSRF) vulnerability

6.1

22 September, 2022

Plugin

RD Station <= 5.2.0 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

11 September, 2022

Plugin

Mega Addons For WPBakery Page Builder <= 4.3.0 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

5.4

2 September, 2022

Plugin

Captcha Code <= 2.7 CrossSite Request Forgery (CSRF) vulnerability leading to Plugin Settings Update

5.4

1 September, 2022

Plugin

GetResponse for WordPress <= 5.5.20 CrossSite Request Forgery (CSRF) vulnerability leading to API Key Update

5.4

1 September, 2022

Plugin

CallRail Phone Call Tracking <= 0.4.9 CrossSite Request Forgery (CSRF) vulnerability leading to Stored CrossSite Scripting (XSS)

6.1

1 September, 2022

Plugin

MP3 jPlayer <= 2.7.3 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

1 September, 2022

Plugin

Better Font Awesome <= 2.0.1 CrossSite Request Forgery (CSRF) vulnerability

4.3

25 August, 2022

Plugin

wp-forecast <= 7.5 forecast plugin <= 7.5 Authenticated Stored CrossSite Scripting (XSS) vulnerability

4.8

25 August, 2022

Plugin

Photo Gallery by Supsystic <= 1.15.5 CrossSite Request Forgery (CSRF) leading to Plugin Settings Change

5.4

15 June, 2022

Plugin

API KEY for Google Maps <= 1.2.1 CSRF vulnerability leading to Google Maps API key update

5.4

8 June, 2022

Plugin

Social Share Buttons by Supsystic <= 2.2.3 CrossSite Request Forgery (CSRF) vulnerability

4.3

27 May, 2022

Plugin

Disable Right Click For WP <= 1.1.6 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

4.3

4 May, 2022

Plugin

Code Snippets Extended <= 1.4.7 CrossSite Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability

8.8

4 May, 2022

Plugin

Footer Text <= 2.0.3 CrossSite Request Forgery (CSRF) leading to CrossSite Scripting (XSS) vulnerability

6.1

28 April, 2022

Plugin

Use Any Font <= 6.1.7 CrossSite Request Forgery (CSRF) vulnerability

5.4

30 March, 2022

Plugin

Analytics Cat <= 1.0.9 Plugin Settings change via CrossSite Request Forgery (CSRF) vulnerability

4.7

8 March, 2022

Plugin

PHP Everywhere <= 2.0.2 CrossSite Request Forgery (CSRF) vulnerability

5.4

23 December, 2021

Plugin

Ark-commenteditor <= 2.15.6 commenteditor plugin <= 2.15.6 Iframe Injection via Comment vulnerability

5.3

23 September, 2021

Plugin

WP SVG images <= 3.3 Authenticated Stored CrossSite Scripting (XSS) vulnerability via uploaded SVG file

7.6

14 June, 2021

Back to top

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugin developers NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022

Social

DPA Privacy Policy Terms & Conditions © 2023 Patchstack

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugin developers NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022

Social

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close