🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > apple502j

apple502j

All Time Ranking

126

All Time Discoveries

Showing 81-100 of 126 Vulnerabilities

Mortgage Calculator / Loan Calculator < 1.5.17 - Cross-Site Scripting

6.4

CVE-2021-24828

Nov 16, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

GenerateBlocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2021-24751

Nov 1, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Cool Tag Cloud <= 2.25 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24682

Sep 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Compact WP Audio Player <= 1.9.6 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24734

Sep 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Podcast Subscribe Buttons < 1.4.2 - Stored Cross-Site Scripting

6.4

CVE-2021-24743

Sep 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

PDF Flipbook, 3D Flipbook WordPress – DearFlip Lite <= 1.7.12 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24732

Sep 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

MX Time Zone Clocks <= 3.4 - Contributor+ Cross-Site Scripting

6.4

CVE-2021-24671

Aug 25, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Wonder PDF Embed <= 1.6 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24541

Jul 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

YouTube Embed <= 5.2.1 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24471

Jul 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Wonder Video Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2021-24540

Jul 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Leaflet Map <= 2.23.3 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24468

Jul 1, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

YouTube Embed, Playlist and Popup <= 2.3.8 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24464

Jun 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Simple Sort&Search <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2021-24433

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Download Plugin <= 1.6.2 - Missing Authorization and Sensitive Information Exposure

6.5

CVE-2021-25059

Nov 2, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

WordPress File Upload / WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal

6.5

CVE-2021-24962

Mar 1, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SupportCandy <= 2.2.6 - Cross-Site Request Forgery to Arbitrary Ticket Deletion

6.5

CVE-2021-24843

Jan 4, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

MouseWheel Smooth Scroll <= 5.6 - Plugin's Setting Update via Cross-Site Request Forgery

6.5

CVE-2021-24852

Oct 18, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

404 to 301 <= 3.0.8 - Logs Deletion via Cross-Site Request Forgery

6.5

CVE-2021-24766

Oct 11, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Logo Slider and Showcase <= 1.3.36 - Settings Update

6.5

CVE-2021-24742

Oct 4, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Stylish Price List <= 6.9.0 - Missing Authorization

6.5

CVE-2021-24770

Sep 29, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Title	CVE ID	CVSS	Vector	Date
Mortgage Calculator / Loan Calculator < 1.5.17 - Cross-Site Scripting	CVE-2021-24828	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 16, 2021
GenerateBlocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-24751	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 1, 2021
Cool Tag Cloud <= 2.25 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24682	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 28, 2021
Compact WP Audio Player <= 1.9.6 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24734	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 15, 2021
Podcast Subscribe Buttons < 1.4.2 - Stored Cross-Site Scripting	CVE-2021-24743	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 15, 2021
PDF Flipbook, 3D Flipbook WordPress – DearFlip Lite <= 1.7.12 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24732	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 15, 2021
MX Time Zone Clocks <= 3.4 - Contributor+ Cross-Site Scripting	CVE-2021-24671	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	August 25, 2021
Wonder PDF Embed <= 1.6 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24541	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 19, 2021
YouTube Embed <= 5.2.1 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24471	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 19, 2021
Wonder Video Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-24540	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 19, 2021
Leaflet Map <= 2.23.3 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24468	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 1, 2021
YouTube Embed, Playlist and Popup <= 2.3.8 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24464	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 28, 2021
Simple Sort&Search <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-24433	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 21, 2021
Download Plugin <= 1.6.2 - Missing Authorization and Sensitive Information Exposure	CVE-2021-25059	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	November 2, 2022
WordPress File Upload / WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal	CVE-2021-24962	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	March 1, 2022
SupportCandy <= 2.2.6 - Cross-Site Request Forgery to Arbitrary Ticket Deletion	CVE-2021-24843	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	January 4, 2022
MouseWheel Smooth Scroll <= 5.6 - Plugin's Setting Update via Cross-Site Request Forgery	CVE-2021-24852	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	October 18, 2021
404 to 301 <= 3.0.8 - Logs Deletion via Cross-Site Request Forgery	CVE-2021-24766	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	October 11, 2021
Logo Slider and Showcase <= 1.3.36 - Settings Update	CVE-2021-24742	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	October 4, 2021
Stylish Price List <= 6.9.0 - Missing Authorization	CVE-2021-24770	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	September 29, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation