🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > apple502j

apple502j

All Time Ranking

126

All Time Discoveries

Showing 61-80 of 126 Vulnerabilities

Recipe Card Blocks by WPZOOM <= 2.8.0 - Reflected Cross-Site Scripting

6.1

CVE-2021-24632

Aug 24, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Remove Footer Credit <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2021-24446

Jul 12, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Leaflet Map < 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2021-24467

Jul 1, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Prismatic <= 2.7 - Reflected Cross-Site Scripting

6.1

CVE-2021-24409

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Download Plugin < 1.6.1 - Cross-Site Request Forgery

5.7

CVE-2021-24703

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 2.4.1 - Multiple Admin+ Cross Site Scripting

5.5

CVE-2021-24624

Oct 4, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Flat Preloader < 1.5.5 - Stored Cross-Site Scripting

5.5

CVE-2021-24789

Sep 28, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG

5.4

CVE-2021-24960

Feb 14, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode

5.4

CVE-2021-24961

Feb 14, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Simple Download Monitor <= 3.9.10 - Contributor+ Stored Cross-Site Scripting via Shortcodes

5.4

CVE-2021-24694

Dec 21, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Logo Carousel <= 3.4.1 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24738

Nov 22, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Stylish Cost Calculator <= 7.0.3 - Stored Cross-Site Scripting

5.4

CVE-2021-24822

Nov 1, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Bulk Datetime Change <= 1.11 - Missing Authorisation

5.4

CVE-2021-24842

Oct 26, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.3 - Stored Cross-Site Scripting

5.4

CVE-2021-24729

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

QR Redirector < 1.6.1 - Stored Cross-Site Scripting

5.4

CVE-2021-24854

Oct 18, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Flat Preloader <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

5.4

CVE-2021-24685

Sep 28, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Easy Media Download <= 1.1.5 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24699

Sep 22, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CatchThemes Plugins (Various Versions) - Missing Authorization

5.4

CVE-2021-24752

Sep 20, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Gutenberg PDF Viewer Block <= 1.0 - Cross-Site Scripting

5.4

CVE-2021-24760

Sep 20, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

One User Avatar <= 2.3.6 - Stored Cross-Site Scripting

5.4

CVE-2021-24672

Sep 20, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Recipe Card Blocks by WPZOOM <= 2.8.0 - Reflected Cross-Site Scripting	CVE-2021-24632	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 24, 2021
Remove Footer Credit <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2021-24446	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 12, 2021
Leaflet Map < 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2021-24467	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 1, 2021
Prismatic <= 2.7 - Reflected Cross-Site Scripting	CVE-2021-24409	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 21, 2021
Download Plugin < 1.6.1 - Cross-Site Request Forgery	CVE-2021-24703	5.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N	October 19, 2021
MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 2.4.1 - Multiple Admin+ Cross Site Scripting	CVE-2021-24624	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 4, 2021
Flat Preloader < 1.5.5 - Stored Cross-Site Scripting	CVE-2021-24789	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 28, 2021
WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG	CVE-2021-24960	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	February 14, 2022
WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode	CVE-2021-24961	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	February 14, 2022
Simple Download Monitor <= 3.9.10 - Contributor+ Stored Cross-Site Scripting via Shortcodes	CVE-2021-24694	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	December 21, 2021
Logo Carousel <= 3.4.1 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24738	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	November 22, 2021
Stylish Cost Calculator <= 7.0.3 - Stored Cross-Site Scripting	CVE-2021-24822	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	November 1, 2021
Bulk Datetime Change <= 1.11 - Missing Authorisation	CVE-2021-24842	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	October 26, 2021
Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.3 - Stored Cross-Site Scripting	CVE-2021-24729	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	October 19, 2021
QR Redirector < 1.6.1 - Stored Cross-Site Scripting	CVE-2021-24854	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	October 18, 2021
Flat Preloader <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2021-24685	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	September 28, 2021
Easy Media Download <= 1.1.5 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24699	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	September 22, 2021
CatchThemes Plugins (Various Versions) - Missing Authorization	CVE-2021-24752	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	September 20, 2021
Gutenberg PDF Viewer Block <= 1.0 - Cross-Site Scripting	CVE-2021-24760	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	September 20, 2021
One User Avatar <= 2.3.6 - Stored Cross-Site Scripting	CVE-2021-24672	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	September 20, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation