🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > apple502j

apple502j

All Time Ranking

126

All Time Discoveries

Showing 61-80 of 126 Vulnerabilities

Far Future Expiry Header <= 1.4 - Plugin's Settings Update via Cross-Site Request Forgery

4.3

CVE-2021-24799

Oct 4, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Logo Slider and Showcase <= 1.3.36 - Settings Update

6.5

CVE-2021-24742

Oct 4, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 2.4.1 - Multiple Admin+ Cross Site Scripting

5.5

CVE-2021-24624

Oct 4, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Stylish Price List <= 6.9.0 - Missing Authorization

6.5

CVE-2021-24770

Sep 29, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Stylish Price List < 6.9.0 - Arbitrary Image Upload

9.8

CVE-2021-24757

Sep 29, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Flat Preloader < 1.5.5 - Stored Cross-Site Scripting

5.5

CVE-2021-24789

Sep 28, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

AutomatorWP <= 1.7.5 - Privilege Escalation

8.8

CVE-2021-24717

Sep 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Cool Tag Cloud <= 2.25 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24682

Sep 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Flat Preloader <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

5.4

CVE-2021-24685

Sep 28, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

WP Debugging <= 2.10.2 - Unauthenticated Plugin Settings Update

6.5

CVE-2021-24779

Sep 27, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Easy Media Download <= 1.1.5 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24699

Sep 22, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CatchThemes Plugins (Various Versions) - Missing Authorization

5.4

CVE-2021-24752

Sep 20, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

One User Avatar <= 2.3.6 - Cross-Site Request Forgery

6.5

CVE-2021-24675

Sep 20, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Gutenberg PDF Viewer Block <= 1.0 - Cross-Site Scripting

5.4

CVE-2021-24760

Sep 20, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

One User Avatar <= 2.3.6 - Stored Cross-Site Scripting

5.4

CVE-2021-24672

Sep 20, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Compact WP Audio Player <= 1.9.6 - Setting Change via Cross-Site Request Forgery

4.3

CVE-2021-24735

Sep 15, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

PDF Light Viewer <= 1.4.11 - Authenticated Command Injection

9.9

CVE-2021-24684

Sep 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Compact WP Audio Player <= 1.9.6 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24734

Sep 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Podcast Subscribe Buttons < 1.4.2 - Stored Cross-Site Scripting

6.4

CVE-2021-24743

Sep 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Find My Blocks < 3.4.0 - Sensitive Information Disclosure

5.3

CVE-2021-24677

Sep 15, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Far Future Expiry Header <= 1.4 - Plugin's Settings Update via Cross-Site Request Forgery	CVE-2021-24799	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 4, 2021
Logo Slider and Showcase <= 1.3.36 - Settings Update	CVE-2021-24742	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	October 4, 2021
MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 2.4.1 - Multiple Admin+ Cross Site Scripting	CVE-2021-24624	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 4, 2021
Stylish Price List <= 6.9.0 - Missing Authorization	CVE-2021-24770	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	September 29, 2021
Stylish Price List < 6.9.0 - Arbitrary Image Upload	CVE-2021-24757	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 29, 2021
Flat Preloader < 1.5.5 - Stored Cross-Site Scripting	CVE-2021-24789	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 28, 2021
AutomatorWP <= 1.7.5 - Privilege Escalation	CVE-2021-24717	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 28, 2021
Cool Tag Cloud <= 2.25 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24682	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 28, 2021
Flat Preloader <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2021-24685	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	September 28, 2021
WP Debugging <= 2.10.2 - Unauthenticated Plugin Settings Update	CVE-2021-24779	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	September 27, 2021
Easy Media Download <= 1.1.5 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24699	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	September 22, 2021
CatchThemes Plugins (Various Versions) - Missing Authorization	CVE-2021-24752	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	September 20, 2021
One User Avatar <= 2.3.6 - Cross-Site Request Forgery	CVE-2021-24675	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	September 20, 2021
Gutenberg PDF Viewer Block <= 1.0 - Cross-Site Scripting	CVE-2021-24760	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	September 20, 2021
One User Avatar <= 2.3.6 - Stored Cross-Site Scripting	CVE-2021-24672	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	September 20, 2021
Compact WP Audio Player <= 1.9.6 - Setting Change via Cross-Site Request Forgery	CVE-2021-24735	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 15, 2021
PDF Light Viewer <= 1.4.11 - Authenticated Command Injection	CVE-2021-24684	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	September 15, 2021
Compact WP Audio Player <= 1.9.6 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24734	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 15, 2021
Podcast Subscribe Buttons < 1.4.2 - Stored Cross-Site Scripting	CVE-2021-24743	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 15, 2021
Find My Blocks < 3.4.0 - Sensitive Information Disclosure	CVE-2021-24677	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 15, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation