🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > apple502j

apple502j

All Time Ranking

126

All Time Discoveries

Showing 21-40 of 126 Vulnerabilities

WP Post Page Clone <= 1.1 - Missing Authorization to Post Disclosure

4.3

CVE-2021-24733

Dec 27, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Simple Download Monitor <= 3.9.10 - Contributor+ Stored Cross-Site Scripting via Shortcodes

5.4

CVE-2021-24694

Dec 21, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Simple Download Monitor <= 3.9.8 - Multiple Cross-Site Request Forgery vulnerabilities

8.8

CVE-2021-24696

Dec 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Logo Carousel <= 3.4.1 - Unauthorised Private Post Access

4.3

CVE-2021-24739

Nov 22, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Logo Carousel <= 3.4.1 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24738

Nov 22, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Mortgage Calculator / Loan Calculator < 1.5.17 - Cross-Site Scripting

6.4

CVE-2021-24828

Nov 16, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Temporary Login Without Password <= 1.7.0 - Subscriber+ Plugin Settings Update

4.3

CVE-2021-24836

Nov 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via Cross-Site Request Forgery

4.3

CVE-2021-24784

Nov 15, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Stylish Cost Calculator <= 7.0.3 - Stored Cross-Site Scripting

5.4

CVE-2021-24822

Nov 1, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

GenerateBlocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2021-24751

Nov 1, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

URL Shortify <= 1.5.0 - Cross-Site Request Forgery

4.3

CVE-2021-24749

Oct 28, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Bulk Datetime Change <= 1.11 - Missing Authorisation

5.4

CVE-2021-24842

Oct 26, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

MAZ Loader – Preloader Builder for WordPress <= 1.4.0 - Cross-Site Request Forgery

4.3

CVE-2021-24668

Oct 25, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.4 - Cross-Site Request Forgery

4.3

CVE-2021-24730

Oct 24, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Images to WebP < 1.9 - Cross-Site Request Forgery

8.1

CVE-2021-24641

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Images to WebP <= 1.8 - Local File Inclusion

7.5

CVE-2021-24644

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.3 - Stored Cross-Site Scripting

5.4

CVE-2021-24729

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Download Plugin < 1.6.1 - Cross-Site Request Forgery

5.7

CVE-2021-24703

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery

8.8

CVE-2021-24804

Oct 18, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP Performance Score Booster <= 2.0 - Settings Change via Cross-Site Request Forgery

4.3

CVE-2021-24776

Oct 18, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP Post Page Clone <= 1.1 - Missing Authorization to Post Disclosure	CVE-2021-24733	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	December 27, 2021
Simple Download Monitor <= 3.9.10 - Contributor+ Stored Cross-Site Scripting via Shortcodes	CVE-2021-24694	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	December 21, 2021
Simple Download Monitor <= 3.9.8 - Multiple Cross-Site Request Forgery vulnerabilities	CVE-2021-24696	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 21, 2021
Logo Carousel <= 3.4.1 - Unauthorised Private Post Access	CVE-2021-24739	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	November 22, 2021
Logo Carousel <= 3.4.1 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24738	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	November 22, 2021
Mortgage Calculator / Loan Calculator < 1.5.17 - Cross-Site Scripting	CVE-2021-24828	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 16, 2021
Temporary Login Without Password <= 1.7.0 - Subscriber+ Plugin Settings Update	CVE-2021-24836	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 15, 2021
WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via Cross-Site Request Forgery	CVE-2021-24784	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 15, 2021
Stylish Cost Calculator <= 7.0.3 - Stored Cross-Site Scripting	CVE-2021-24822	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	November 1, 2021
GenerateBlocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-24751	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 1, 2021
URL Shortify <= 1.5.0 - Cross-Site Request Forgery	CVE-2021-24749	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 28, 2021
Bulk Datetime Change <= 1.11 - Missing Authorisation	CVE-2021-24842	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	October 26, 2021
MAZ Loader – Preloader Builder for WordPress <= 1.4.0 - Cross-Site Request Forgery	CVE-2021-24668	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 25, 2021
Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.4 - Cross-Site Request Forgery	CVE-2021-24730	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	October 24, 2021
Images to WebP < 1.9 - Cross-Site Request Forgery	CVE-2021-24641	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H	October 19, 2021
Images to WebP <= 1.8 - Local File Inclusion	CVE-2021-24644	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 19, 2021
Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.3 - Stored Cross-Site Scripting	CVE-2021-24729	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	October 19, 2021
Download Plugin < 1.6.1 - Cross-Site Request Forgery	CVE-2021-24703	5.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N	October 19, 2021
Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery	CVE-2021-24804	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 18, 2021
WP Performance Score Booster <= 2.0 - Settings Change via Cross-Site Request Forgery	CVE-2021-24776	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 18, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation