🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > apple502j

apple502j

All Time Ranking

126

All Time Discoveries

Showing 101-120 of 126 Vulnerabilities

Google Fonts Typography <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via blockType arguments

5.4

CVE-2021-24637

Aug 23, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

OMGF <= 4.5.3 - Unauthenticated Path Traversal in REST API

9.1

CVE-2021-24638

Aug 23, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Visual Link Preview <= 2.2.2 - Unauthorised AJAX Calls

5.4

CVE-2021-24635

Aug 18, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

WordPress Slider Block Gutenslider <= 5.1.5 - Cross-Site Scripting

5.4

CVE-2021-24640

Aug 18, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.4.1 - Cross-Site Request Forgery

8.1

CVE-2021-24636

Aug 18, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Unauthorized Access Controls

6.5

CVE-2021-24652

Aug 17, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

PDF.js Viewer <= 2.0.1 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24759

Aug 11, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Slider Hero with Animation, Video Background & Intro Maker <= 8.2.6 - SQL Injection

8.8

CVE-2021-24506

Jul 26, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Simple Social Media Share Buttons <= 3.2.2 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24486

Jul 26, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Wonder PDF Embed <= 1.6 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24541

Jul 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

YouTube Embed <= 5.2.1 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24471

Jul 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Wonder Video Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2021-24540

Jul 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Remove Footer Credit <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2021-24446

Jul 12, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Page View Counts <= 2.4.8 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24509

Jul 12, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4

CVE-2021-24503

Jul 5, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Leaflet Map <= 2.23.3 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24468

Jul 1, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Leaflet Map < 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2021-24467

Jul 1, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

User Profile Picture < 2.6.0 - Authenticated Insecure Direct Object Reference

4.3

CVE-2021-24473

Jun 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Yada Wiki <= 3.4 - Stored Cross-Site Scripting

5.4

CVE-2021-24470

Jun 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

YouTube Embed, Playlist and Popup <= 2.3.8 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24464

Jun 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Google Fonts Typography <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via blockType arguments	CVE-2021-24637	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	August 23, 2021
OMGF <= 4.5.3 - Unauthenticated Path Traversal in REST API	CVE-2021-24638	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	August 23, 2021
Visual Link Preview <= 2.2.2 - Unauthorised AJAX Calls	CVE-2021-24635	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	August 18, 2021
WordPress Slider Block Gutenslider <= 5.1.5 - Cross-Site Scripting	CVE-2021-24640	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	August 18, 2021
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.4.1 - Cross-Site Request Forgery	CVE-2021-24636	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H	August 18, 2021
PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Unauthorized Access Controls	CVE-2021-24652	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	August 17, 2021
PDF.js Viewer <= 2.0.1 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24759	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	August 11, 2021
Slider Hero with Animation, Video Background & Intro Maker <= 8.2.6 - SQL Injection	CVE-2021-24506	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 26, 2021
Simple Social Media Share Buttons <= 3.2.2 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24486	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	July 26, 2021
Wonder PDF Embed <= 1.6 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24541	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 19, 2021
YouTube Embed <= 5.2.1 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24471	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 19, 2021
Wonder Video Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-24540	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 19, 2021
Remove Footer Credit <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2021-24446	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 12, 2021
Page View Counts <= 2.4.8 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24509	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	July 12, 2021
Popular Brand Icons - Simple Icons <= 2.7.7 - Authenticated Cross-Site Scripting	CVE-2021-24503	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	July 5, 2021
Leaflet Map <= 2.23.3 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24468	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 1, 2021
Leaflet Map < 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2021-24467	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 1, 2021
User Profile Picture < 2.6.0 - Authenticated Insecure Direct Object Reference	CVE-2021-24473	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 28, 2021
Yada Wiki <= 3.4 - Stored Cross-Site Scripting	CVE-2021-24470	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	June 28, 2021
YouTube Embed, Playlist and Popup <= 2.3.8 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24464	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 28, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation