🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > apple502j

apple502j

All Time Ranking

126

All Time Discoveries

Showing 41-60 of 126 Vulnerabilities

QR Redirector < 1.6.1 - Stored Cross-Site Scripting

5.4

CVE-2021-24854

Oct 18, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery

8.8

CVE-2021-24804

Oct 18, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

QR Redirector <= 1.5 - Cross-Site Request Forgery

4.3

CVE-2021-24853

Oct 18, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Colorful Categories < 2.0.15 - Cross-Site Request Forgery

4.3

CVE-2021-24802

Oct 13, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

404 to 301 <= 3.0.8 - Logs Deletion via Cross-Site Request Forgery

6.5

CVE-2021-24766

Oct 11, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

WP Header Images <= 2.0.0 - Reflected Cross-Site Scripting

6.1

CVE-2021-24798

Oct 11, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

MAZ Loader – Preloader Builder for WordPress <= 1.3.2 - SQL Injection

8.8

CVE-2021-24669

Oct 11, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Post Expirator <= 2.5.1 - Contributor+ Arbitrary Post Schedule Deletion

4.3

CVE-2021-24783

Oct 11, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Phoenix Media Rename <= 3.4.2 - Author Arbitrary Media File Renaming

4.3

CVE-2021-24816

Oct 6, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.7.8 - Log Deletion via Cross-Site Request Forgery

4.3

CVE-2021-24767

Oct 6, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Genie WP Favicon <= 0.5.2 - Cross-Site Request Forgery

4.3

CVE-2021-24674

Oct 6, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Perfect Survey <= 1.5.2 - Cross-Site Request Forgery

8.8

CVE-2021-24763

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Perfect Survey <= 1.5.2 - Reflected Cross-Site Scripting

6.1

CVE-2021-24764

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Simple Download Monitor <= 3.9.4 - Reflected Cross-Site Scripting

6.1

CVE-2021-24697

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection

9.8

CVE-2021-24762

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Perfect Survey <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via IP

7.2

CVE-2021-24765

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Simple Download Monitor <= 3.9.4 - Contributor+ Stored Cross-Site Scripting via File Thumbnail

9.0

CVE-2021-24693

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Simple Download Monitor <= 3.9.5 - Contributor+ Arbitrary Thumbnail Removal

4.3

CVE-2021-24698

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Simple Download Monitor <= 3.9.5 - Sensitive Data Exposure

5.3

CVE-2021-24695

Oct 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Image Source Control Lite < 2.3.1 - Insecure Direct Object Reference

4.3

CVE-2021-24781

Oct 4, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
QR Redirector < 1.6.1 - Stored Cross-Site Scripting	CVE-2021-24854	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	October 18, 2021
Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery	CVE-2021-24804	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 18, 2021
QR Redirector <= 1.5 - Cross-Site Request Forgery	CVE-2021-24853	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 18, 2021
Colorful Categories < 2.0.15 - Cross-Site Request Forgery	CVE-2021-24802	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 13, 2021
404 to 301 <= 3.0.8 - Logs Deletion via Cross-Site Request Forgery	CVE-2021-24766	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	October 11, 2021
WP Header Images <= 2.0.0 - Reflected Cross-Site Scripting	CVE-2021-24798	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 11, 2021
MAZ Loader – Preloader Builder for WordPress <= 1.3.2 - SQL Injection	CVE-2021-24669	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 11, 2021
Post Expirator <= 2.5.1 - Contributor+ Arbitrary Post Schedule Deletion	CVE-2021-24783	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	October 11, 2021
Phoenix Media Rename <= 3.4.2 - Author Arbitrary Media File Renaming	CVE-2021-24816	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	October 6, 2021
Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.7.8 - Log Deletion via Cross-Site Request Forgery	CVE-2021-24767	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2021
Genie WP Favicon <= 0.5.2 - Cross-Site Request Forgery	CVE-2021-24674	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2021
Perfect Survey <= 1.5.2 - Cross-Site Request Forgery	CVE-2021-24763	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 5, 2021
Perfect Survey <= 1.5.2 - Reflected Cross-Site Scripting	CVE-2021-24764	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 5, 2021
Simple Download Monitor <= 3.9.4 - Reflected Cross-Site Scripting	CVE-2021-24697	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 5, 2021
Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection	CVE-2021-24762	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 5, 2021
Perfect Survey <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via IP	CVE-2021-24765	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	October 5, 2021
Simple Download Monitor <= 3.9.4 - Contributor+ Stored Cross-Site Scripting via File Thumbnail	CVE-2021-24693	9.0	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H	October 5, 2021
Simple Download Monitor <= 3.9.5 - Contributor+ Arbitrary Thumbnail Removal	CVE-2021-24698	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	October 5, 2021
Simple Download Monitor <= 3.9.5 - Sensitive Data Exposure	CVE-2021-24695	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 5, 2021
Image Source Control Lite < 2.3.1 - Insecure Direct Object Reference	CVE-2021-24781	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	October 4, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation