🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > apple502j

apple502j

All Time Ranking

126

All Time Discoveries

Showing 1-20 of 126 Vulnerabilities

PDF Light Viewer <= 1.4.11 - Authenticated Command Injection

9.9

CVE-2021-24684

Sep 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection

9.8

CVE-2021-24762

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Stylish Price List < 6.9.0 - Arbitrary Image Upload

9.8

CVE-2021-24757

Sep 29, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

OMGF <= 4.5.3 - Unauthenticated Path Traversal in REST API

9.1

CVE-2021-24638

Aug 23, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Simple Download Monitor <= 3.9.4 - Contributor+ Stored Cross-Site Scripting via File Thumbnail

9.0

CVE-2021-24693

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Error Log Viewer by BestWebSoft <= 1.1.1 - Cross-Site Request Forgery

8.8

CVE-2021-24761

Dec 29, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Simple Download Monitor <= 3.9.8 - Multiple Cross-Site Request Forgery vulnerabilities

8.8

CVE-2021-24696

Dec 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery

8.8

CVE-2021-24804

Oct 18, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

MAZ Loader – Preloader Builder for WordPress <= 1.3.2 - SQL Injection

8.8

CVE-2021-24669

Oct 11, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Perfect Survey <= 1.5.2 - Cross-Site Request Forgery

8.8

CVE-2021-24763

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AutomatorWP <= 1.7.5 - Privilege Escalation

8.8

CVE-2021-24717

Sep 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weather Effect – Christmas Santa Snow Falling <= 1.3.3 - Cross-Site Request Forgery

8.8

CVE-2021-24683

Sep 7, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Slider Hero with Animation, Video Background & Intro Maker <= 8.2.6 - SQL Injection

8.8

CVE-2021-24506

Jul 26, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Images to WebP < 1.9 - Cross-Site Request Forgery

8.1

CVE-2021-24641

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Meow Gallery (+ Gallery Block) <= 4.1.8 - SQL Injection

8.1

CVE-2021-24465

Sep 2, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

OMGF <= 4.5.3 - Subscriber+ Arbitrary File/Folder Deletion

8.1

CVE-2021-24639

Aug 23, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.4.1 - Cross-Site Request Forgery

8.1

CVE-2021-24636

Aug 18, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Cost Calculator <= 1.8 - Authenticated Local File Inclusion

7.5

CVE-2021-24820

Feb 1, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Images to WebP <= 1.8 - Local File Inclusion

7.5

CVE-2021-24644

Oct 19, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Poll Maker < 3.4.2 - Unauthenticated SQL Injection

7.5

CVE-2021-24651

Sep 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
PDF Light Viewer <= 1.4.11 - Authenticated Command Injection	CVE-2021-24684	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	September 15, 2021
Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection	CVE-2021-24762	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 5, 2021
Stylish Price List < 6.9.0 - Arbitrary Image Upload	CVE-2021-24757	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 29, 2021
OMGF <= 4.5.3 - Unauthenticated Path Traversal in REST API	CVE-2021-24638	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	August 23, 2021
Simple Download Monitor <= 3.9.4 - Contributor+ Stored Cross-Site Scripting via File Thumbnail	CVE-2021-24693	9.0	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H	October 5, 2021
Error Log Viewer by BestWebSoft <= 1.1.1 - Cross-Site Request Forgery	CVE-2021-24761	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 29, 2021
Simple Download Monitor <= 3.9.8 - Multiple Cross-Site Request Forgery vulnerabilities	CVE-2021-24696	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 21, 2021
Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery	CVE-2021-24804	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 18, 2021
MAZ Loader – Preloader Builder for WordPress <= 1.3.2 - SQL Injection	CVE-2021-24669	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 11, 2021
Perfect Survey <= 1.5.2 - Cross-Site Request Forgery	CVE-2021-24763	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 5, 2021
AutomatorWP <= 1.7.5 - Privilege Escalation	CVE-2021-24717	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 28, 2021
Weather Effect – Christmas Santa Snow Falling <= 1.3.3 - Cross-Site Request Forgery	CVE-2021-24683	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 7, 2021
Slider Hero with Animation, Video Background & Intro Maker <= 8.2.6 - SQL Injection	CVE-2021-24506	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 26, 2021
Images to WebP < 1.9 - Cross-Site Request Forgery	CVE-2021-24641	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H	October 19, 2021
Meow Gallery (+ Gallery Block) <= 4.1.8 - SQL Injection	CVE-2021-24465	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	September 2, 2021
OMGF <= 4.5.3 - Subscriber+ Arbitrary File/Folder Deletion	CVE-2021-24639	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	August 23, 2021
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.4.1 - Cross-Site Request Forgery	CVE-2021-24636	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H	August 18, 2021
Cost Calculator <= 1.8 - Authenticated Local File Inclusion	CVE-2021-24820	7.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	February 1, 2022
Images to WebP <= 1.8 - Local File Inclusion	CVE-2021-24644	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 19, 2021
Poll Maker < 3.4.2 - Unauthenticated SQL Injection	CVE-2021-24651	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	September 13, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation