I'm a Cyber Security Consultant focused on Web, API, and Mobile Penetration Testing and Cyber Investigations.
📝 Latest Blog Posts ➡️ blog.paniago.io
| Plugin | CVE ID | CVSS Score | Date |
|---|---|---|---|
| WooCommerce <= 9.0.2 - Unauthenticated HTML Injection | CVE2024-9944 |  |
October 14, 2024 |
| LearnPress <= 4.2.6.3 - Insecure Direct Object Reference | CVE2024-1289 |  |
April 4, 2024 |
| LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting | CVE2024-1463 |  |
April 4, 2024 |
| weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer | CVE2024-0386 |  |
March 12, 2024 |
| Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | CVE2023-6957 |  |
March 5, 2024 |
| Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A | CVE2024-1128 |  |
February 20, 2024 |
| Tutor LMS <= 2.6.0 - Missing Authorization | CVE2024-1133 |  |
February 20, 2024 |
| PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting | CVE2023-6953 | |
January 22, 2024 |
| WPForms Pro 1.8.4 - 1.8.5.3 - Unauthenticated Stored Cross-Site Scripting via Form Submission | CVE2023-7063 | |
January 19, 2024 |
| Formidable Forms <= 6.7 - HTML Injection | CVE2023-6830 | |
January 8, 2024 |
| Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting | CVE2023-6842 | |
January 8, 2024 |
| ARForms <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url | CVE2023-6828 | |
January 3, 2024 |