🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > High-Tech Bridge Security Research Lab

High-Tech Bridge Security Research Lab

All Time Ranking

All Time Discoveries

Showing 1-20 of 47 Vulnerabilities

Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 0.59 - SQL Injection

9.8

CVE ID Unknown

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.27.4 - Arbitrary File Upload

9.8

CVE-2014-1905

Feb 27, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Arbitrary File Read/Deletion

9.8

CVE-2014-1907

Feb 27, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Forum Server <= 1.6.5 - SQL Injection

9.8

CVE-2011-1047

Feb 22, 2011

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CDN Vote < 0.4.2 - SQL Injection

9.8

CVE-2011-5308

Feb 8, 2011

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.0 - Multiple Cross-Site Request Forgery

9.6

CVE-2014-2579

Apr 9, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Gwolle Guestbook <= 1.5.3 - Remote File Inclusion

9.0

CVE-2015-8351

Nov 4, 2015

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

TheCartPress eCommerce Shopping Cart <= 1.5.3.6 Cross-Site Request Forgery

8.8

CVE-2015-3986

Apr 8, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Mingle Forum < 1.0.34 - Unauthenticated SQL Injection

8.8

CVE ID Unknown

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AskApache Firefox Adsense <= 3.0 - Cross-Site Request Forgery

8.8

CVE-2013-6992

Dec 26, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Social Slider < 7.4.2 - SQL Injection

8.8

CVE-2011-5286

Jul 20, 2011

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Sensitive Information Disclosure

7.5

CVE-2015-3302

Apr 29, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

All In One WP Security & Firewall <= 3.8.2 - Authenticated Access or Cross-Site Request Forgery leading to SQL Injection via orderby, order Parameters

7.4

CVE-2014-6242

Sep 24, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Responsive Slider – Image Slider – Slideshow for WordPress < 2.7.0 - Authenticated (Admin+) SQL Injection

7.2

CVE-2015-2062

Mar 12, 2015

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

MailPoet Newsletters <= 2.2 - Multiple SQL Injections

7.2

CVE-2013-1408

Feb 3, 2013

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Photo Album Plus < 6.1.3 - Cross-Site Scripting

7.1

CVE-2015-3647

May 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Cross-Site Scripting

7.1

CVE-2014-1906

Feb 6, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Timely All-in-One Events Calendar < 1.6 - Cross-Site Scripting

7.1

CVE-2012-1835

Apr 11, 2012

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Ultimate Member <= 1.3.28 - Reflected Cross-Site Scripting

6.1

CVE-2015-8354

Dec 2, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Role Scoper (Obsolete – Please install PublishPress Permissions) < 1.3.67 - Reflected Cross-Site Scripting

6.1

CVE-2015-8353

Dec 2, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 0.59 - SQL Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 1, 2014
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.27.4 - Arbitrary File Upload	CVE-2014-1905	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 27, 2014
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Arbitrary File Read/Deletion	CVE-2014-1907	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 27, 2014
WP Forum Server <= 1.6.5 - SQL Injection	CVE-2011-1047	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 22, 2011
CDN Vote < 0.4.2 - SQL Injection	CVE-2011-5308	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 8, 2011
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.0 - Multiple Cross-Site Request Forgery	CVE-2014-2579	9.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	April 9, 2014
Gwolle Guestbook <= 1.5.3 - Remote File Inclusion	CVE-2015-8351	9.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	November 4, 2015
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 Cross-Site Request Forgery	CVE-2015-3986	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	April 8, 2015
Mingle Forum < 1.0.34 - Unauthenticated SQL Injection		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 1, 2014
AskApache Firefox Adsense <= 3.0 - Cross-Site Request Forgery	CVE-2013-6992	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 26, 2013
Social Slider < 7.4.2 - SQL Injection	CVE-2011-5286	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 20, 2011
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Sensitive Information Disclosure	CVE-2015-3302	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	April 29, 2015
All In One WP Security & Firewall <= 3.8.2 - Authenticated Access or Cross-Site Request Forgery leading to SQL Injection via orderby, order Parameters	CVE-2014-6242	7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	September 24, 2014
Responsive Slider – Image Slider – Slideshow for WordPress < 2.7.0 - Authenticated (Admin+) SQL Injection	CVE-2015-2062	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 12, 2015
MailPoet Newsletters <= 2.2 - Multiple SQL Injections	CVE-2013-1408	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	February 3, 2013
WP Photo Album Plus < 6.1.3 - Cross-Site Scripting	CVE-2015-3647	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	May 20, 2015
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Cross-Site Scripting	CVE-2014-1906	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	February 6, 2014
Timely All-in-One Events Calendar < 1.6 - Cross-Site Scripting	CVE-2012-1835	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	April 11, 2012
Ultimate Member <= 1.3.28 - Reflected Cross-Site Scripting	CVE-2015-8354	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2015
Role Scoper (Obsolete – Please install PublishPress Permissions) < 1.3.67 - Reflected Cross-Site Scripting	CVE-2015-8353	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 2, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation