Ian Dunn


33 total issues disclosed

$950 total paid publicly


Most disclosed (9 disclosures) — Cross-site Scripting (XSS) - Generic



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| SSRF Possible through /wordpress/xmlrpc.php | Server-Side Request Forgery (SSRF) | azzassin | None | 2020-10-12 |
| Timing Attack in Google Authenticator - Per User Prompt | Cryptographic Issues - Generic | whitehatter | High | 2017-10-29 |
| Formula injection via CSV exports in WordCamp Talks plugin | Command Injection - Generic | whitehatter | Medium | 2017-10-23 |
| HTML injection-WordCamp Talks plugin | Cross-site Scripting (XSS) - Generic | paresh_parmar | Medium | 2017-10-16 |
| unchecked unserialize usages in audit-trail-extension/audit-trail-extension.php | None supplied | e3amn2l | Medium | 2016-12-30 |
| constant cache_page_secret in regolith | None supplied | e3amn2l | No rating | 2016-12-30 |
| unchecked unserialize usage in WordPress-Functionality-Plugin-Skeleton/functionality-plugin-skeleton.php | None supplied | e3amn2l | No rating | 2016-12-29 |
| No CAPTCHA ia exist in pages | Violation of Secure Design Principles | ravenbugbounty | None | 2016-11-24 |
| Bypassing CSV injection using new line charcter | Command Injection - Generic | huops | Low | 2016-10-13 |
| CSV Injection in Camptix | Command Injection - Generic | grande | Low | 2016-10-12 |
| Bypass fix in https://hackerone.com/reports/151516 report. | Command Injection - Generic | lalka | Low | 2016-10-12 |
| Google Authenticator - Cross Site Scripting | Cross-site Scripting (XSS) - Generic | iamsha4yan | No rating | 2016-10-11 |
| Google Authenticator0.6 - PHP Version Dosclosure | Information Disclosure | iamsha4yan | No rating | 2016-10-06 |
| All Plugins - Direct file access to plugin files Vulnerability | Improper Authentication - Generic | iamsha4yan | No rating | 2016-10-06 |
| stored SELF xss on Basic Google Maps Placemarks Settings plugin | Cross-site Scripting (XSS) - Generic | kenan | No rating | 2016-09-27 |
| Potentially vulnerable version of Apache software in and default files on https://iandunn.name/ | Information Disclosure | ethnicalhacker | No rating | 2016-09-27 |
| bypass to csv injection | Command Injection - Generic | superngorksky | No rating | 2016-09-27 |
| Send emails to all users using Camptix | Cross-Site Request Forgery (CSRF) | jshindl | No rating | 2016-09-27 |
| [Not just a server configuration issue] Full Path Disclosure | Information Disclosure | ahsan | No rating | 2016-08-24 |
| XSS in Tagregator plugin | Cross-site Scripting (XSS) - Generic | dia2diab | No rating | 2016-08-18 |
| Path Disclosure Vulnerability | Information Disclosure | jamalcom | No rating | 2016-08-18 |
| SSL certificate public key less than 2048 bit | Cryptographic Issues - Generic | proxynwh | No rating | 2016-08-18 |
| Brute force on wp-login | Violation of Secure Design Principles | proxynwh | No rating | 2016-08-18 |
| Multiple XSS in Camptix Event Ticketing Plugin | Cross-site Scripting (XSS) - Generic | thezawad | No rating | 2016-08-18 |
| CSV Injection at Camptix Event Ticketing | Command Injection - Generic | thezawad | No rating | 2016-08-18 |
| CSRF in changing settings of Basic Google Maps Placemarks | Cross-Site Request Forgery (CSRF) | ahsan | No rating | 2016-07-25 |
| User enumeration in wp-admin | Improper Authentication - Generic | hacklikeapro | No rating | 2016-07-16 |
| Multiple Path Disclosure | Information Disclosure | anant | No rating | 2016-07-16 |
| Stored XSS in SupportFlow Ticket Subject | Cross-site Scripting (XSS) - Generic | whitehatter | No rating | 2016-06-28 |
| Stored XSS from ticket messages in admin table in SupportFlow | Cross-site Scripting (XSS) - Generic | whitehatter | No rating | 2016-06-28 |
| PHP and Wordpress version disclosure | Information Disclosure | siddiki | No rating | 2014-06-11 |
| Xss in CampTix Event Ticketing | Cross-site Scripting (XSS) - Generic | old_reporter | No rating | 2014-04-24 |
| Stored XSS in all fields in Basic Google Maps Placemarks Settings | Cross-site Scripting (XSS) - Generic | eronx | No rating | 2014-04-24 |