🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > High-Tech Bridge Security Research Lab

High-Tech Bridge Security Research Lab

All Time Ranking

All Time Discoveries

Showing 1-20 of 47 Vulnerabilities

Ultimate Member <= 1.3.28 - Reflected Cross-Site Scripting

6.1

CVE-2015-8354

Dec 2, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Role Scoper (Obsolete – Please install PublishPress Permissions) < 1.3.67 - Reflected Cross-Site Scripting

6.1

CVE-2015-8353

Dec 2, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Gwolle Guestbook <= 1.5.3 - Remote File Inclusion

9.0

CVE-2015-8351

Nov 4, 2015

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

WordPress Calls to Action < 2.5.1 - Cross-Site Scripting

6.1

CVE-2015-8350

Nov 4, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

qTranslate <= 2.5.39 - Cross-Site Scripting

6.1

CVE-2015-5535

Jul 29, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Paid Memberships Pro < 1.8.4.3 - Multiple Cross-Site Scripting

6.1

CVE-2015-5532

Jul 22, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Photo Album Plus < 6.1.3 - Cross-Site Scripting

7.1

CVE-2015-3647

May 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

eShop <= 6.3.11 - Cross-Site Scripting

6.1

CVE-2015-3421

May 6, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Directory Traversal

4.9

CVE-2015-3301

Apr 29, 2015

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Multiple Cross-Site Scripting

6.1

CVE-2015-3300

Apr 29, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Sensitive Information Disclosure

7.5

CVE-2015-3302

Apr 29, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

TheCartPress eCommerce Shopping Cart <= 1.5.3.6 Cross-Site Request Forgery

8.8

CVE-2015-3986

Apr 8, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Responsive Slider – Image Slider – Slideshow for WordPress < 2.7.0 - Authenticated (Admin+) SQL Injection

7.2

CVE-2015-2062

Mar 12, 2015

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Easing Slider <= 2.2.0.6 - Cross-Site Scripting

5.4

CVE-2015-1436

Feb 11, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

WP Google Maps <= 6.0.26 - Reflected Cross-Site Scripting

6.1

CVE-2014-7182

Oct 15, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contact Form DB <= 2.8.19 - Cross-Site Scripting

6.1

CVE-2014-7139

Oct 10, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EWWW Image Optimizer <= 2.0.1 - Reflected Cross-Site Scripting

6.1

CVE-2014-6243

Oct 9, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Simple Calendar – Google Calendar Plugin < 2.0.4 - Reflected Cross-Site Scripting

6.1

CVE-2014-7138

Oct 8, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

All In One WP Security & Firewall <= 3.8.2 - Authenticated Access or Cross-Site Request Forgery leading to SQL Injection via orderby, order Parameters

7.4

CVE-2014-6242

Sep 24, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Duplicator – WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting

6.1

CVE-2013-4625

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Ultimate Member <= 1.3.28 - Reflected Cross-Site Scripting	CVE-2015-8354	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2015
Role Scoper (Obsolete – Please install PublishPress Permissions) < 1.3.67 - Reflected Cross-Site Scripting	CVE-2015-8353	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2015
Gwolle Guestbook <= 1.5.3 - Remote File Inclusion	CVE-2015-8351	9.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	November 4, 2015
WordPress Calls to Action < 2.5.1 - Cross-Site Scripting	CVE-2015-8350	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 4, 2015
qTranslate <= 2.5.39 - Cross-Site Scripting	CVE-2015-5535	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 29, 2015
Paid Memberships Pro < 1.8.4.3 - Multiple Cross-Site Scripting	CVE-2015-5532	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 22, 2015
WP Photo Album Plus < 6.1.3 - Cross-Site Scripting	CVE-2015-3647	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	May 20, 2015
eShop <= 6.3.11 - Cross-Site Scripting	CVE-2015-3421	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 6, 2015
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Directory Traversal	CVE-2015-3301	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	April 29, 2015
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Multiple Cross-Site Scripting	CVE-2015-3300	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 29, 2015
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Sensitive Information Disclosure	CVE-2015-3302	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	April 29, 2015
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 Cross-Site Request Forgery	CVE-2015-3986	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	April 8, 2015
Responsive Slider – Image Slider – Slideshow for WordPress < 2.7.0 - Authenticated (Admin+) SQL Injection	CVE-2015-2062	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 12, 2015
Easing Slider <= 2.2.0.6 - Cross-Site Scripting	CVE-2015-1436	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	February 11, 2015
WP Google Maps <= 6.0.26 - Reflected Cross-Site Scripting	CVE-2014-7182	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 15, 2014
Contact Form DB <= 2.8.19 - Cross-Site Scripting	CVE-2014-7139	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 10, 2014
EWWW Image Optimizer <= 2.0.1 - Reflected Cross-Site Scripting	CVE-2014-6243	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 9, 2014
Simple Calendar – Google Calendar Plugin < 2.0.4 - Reflected Cross-Site Scripting	CVE-2014-7138	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 8, 2014
All In One WP Security & Firewall <= 3.8.2 - Authenticated Access or Cross-Site Request Forgery leading to SQL Injection via orderby, order Parameters	CVE-2014-6242	7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	September 24, 2014
Duplicator – WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting	CVE-2013-4625	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 1, 2014

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation