🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > apple502j

apple502j

All Time Ranking

126

All Time Discoveries

Showing 101-120 of 126 Vulnerabilities

WP Debugging <= 2.10.2 - Unauthenticated Plugin Settings Update

6.5

CVE-2021-24779

Sep 27, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

One User Avatar <= 2.3.6 - Cross-Site Request Forgery

6.5

CVE-2021-24675

Sep 20, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Simple Download Monitor <= 3.9.4 - Contributor+ Arbitrary File Download

6.5

CVE-2021-24692

Sep 2, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Unauthorized Access Controls

6.5

CVE-2021-24652

Aug 17, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Yes/No Chart < 1.0.12 - Authenticated SQL Injection

6.5

CVE-2021-24360

May 31, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Perfect Survey <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via IP

7.2

CVE-2021-24765

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Cost Calculator <= 1.8 - Authenticated Local File Inclusion

7.5

CVE-2021-24820

Feb 1, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Images to WebP <= 1.8 - Local File Inclusion

7.5

CVE-2021-24644

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Poll Maker < 3.4.2 - Unauthenticated SQL Injection

7.5

CVE-2021-24651

Sep 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Images to WebP < 1.9 - Cross-Site Request Forgery

8.1

CVE-2021-24641

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Meow Gallery (+ Gallery Block) <= 4.1.8 - SQL Injection

8.1

CVE-2021-24465

Sep 2, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

OMGF <= 4.5.3 - Subscriber+ Arbitrary File/Folder Deletion

8.1

CVE-2021-24639

Aug 23, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.4.1 - Cross-Site Request Forgery

8.1

CVE-2021-24636

Aug 18, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Error Log Viewer by BestWebSoft <= 1.1.1 - Cross-Site Request Forgery

8.8

CVE-2021-24761

Dec 29, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Simple Download Monitor <= 3.9.8 - Multiple Cross-Site Request Forgery vulnerabilities

8.8

CVE-2021-24696

Dec 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery

8.8

CVE-2021-24804

Oct 18, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

MAZ Loader – Preloader Builder for WordPress <= 1.3.2 - SQL Injection

8.8

CVE-2021-24669

Oct 11, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Perfect Survey <= 1.5.2 - Cross-Site Request Forgery

8.8

CVE-2021-24763

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AutomatorWP <= 1.7.5 - Privilege Escalation

8.8

CVE-2021-24717

Sep 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weather Effect – Christmas Santa Snow Falling <= 1.3.3 - Cross-Site Request Forgery

8.8

CVE-2021-24683

Sep 7, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
WP Debugging <= 2.10.2 - Unauthenticated Plugin Settings Update	CVE-2021-24779	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	September 27, 2021
One User Avatar <= 2.3.6 - Cross-Site Request Forgery	CVE-2021-24675	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	September 20, 2021
Simple Download Monitor <= 3.9.4 - Contributor+ Arbitrary File Download	CVE-2021-24692	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	September 2, 2021
PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Unauthorized Access Controls	CVE-2021-24652	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	August 17, 2021
Yes/No Chart < 1.0.12 - Authenticated SQL Injection	CVE-2021-24360	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	May 31, 2021
Perfect Survey <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via IP	CVE-2021-24765	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	October 5, 2021
Cost Calculator <= 1.8 - Authenticated Local File Inclusion	CVE-2021-24820	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	February 1, 2022
Images to WebP <= 1.8 - Local File Inclusion	CVE-2021-24644	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 19, 2021
Poll Maker < 3.4.2 - Unauthenticated SQL Injection	CVE-2021-24651	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	September 13, 2021
Images to WebP < 1.9 - Cross-Site Request Forgery	CVE-2021-24641	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H	October 19, 2021
Meow Gallery (+ Gallery Block) <= 4.1.8 - SQL Injection	CVE-2021-24465	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	September 2, 2021
OMGF <= 4.5.3 - Subscriber+ Arbitrary File/Folder Deletion	CVE-2021-24639	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	August 23, 2021
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.4.1 - Cross-Site Request Forgery	CVE-2021-24636	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H	August 18, 2021
Error Log Viewer by BestWebSoft <= 1.1.1 - Cross-Site Request Forgery	CVE-2021-24761	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 29, 2021
Simple Download Monitor <= 3.9.8 - Multiple Cross-Site Request Forgery vulnerabilities	CVE-2021-24696	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 21, 2021
Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery	CVE-2021-24804	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 18, 2021
MAZ Loader – Preloader Builder for WordPress <= 1.3.2 - SQL Injection	CVE-2021-24669	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 11, 2021
Perfect Survey <= 1.5.2 - Cross-Site Request Forgery	CVE-2021-24763	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 5, 2021
AutomatorWP <= 1.7.5 - Privilege Escalation	CVE-2021-24717	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 28, 2021
Weather Effect – Christmas Santa Snow Falling <= 1.3.3 - Cross-Site Request Forgery	CVE-2021-24683	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 7, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation