🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > James Hooker

James Hooker

All Time Ranking

All Time Discoveries

Showing 41-53 of 53 Vulnerabilities

post highlights 2.0 - 2.6 - Cross-Site Scripting

6.1

CVE-2014-8087

Nov 3, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 4.25 - Sensitive Data Exposure

5.3

CVE-2014-8491

Oct 30, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting

6.1

CVE-2014-8492

Oct 30, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

NEX-Forms Lite – WordPress Contact Form builder < 3.4 - Cross-Site Scripting

6.1

CVE-2014-7151

Oct 21, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contact Form Integrated With Google Maps 1.0 - 2.4 - Stored Cross-Site Scripting

7.2

CVE-2014-7238

Oct 18, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Gallery Bank – WordPress Photo Gallery Plugin < 3.0.70 - Reflected Cross-Site Scripting

6.1

CVE-2014-8758

Oct 18, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Easy Contact Form Solution <= 1.6 - Stored Cross-Site Scripting

6.1

CVE-2014-7240

Oct 17, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Titan Framework <= 1.5.2 - Reflected Cross-Site Scripting

6.1

CVE-2014-6444

Oct 7, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Infusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload

9.8

CVE-2014-6446

Oct 6, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Contact Form 7 Integrations 1.0 - 1.3.10 - Multiple Cross-Site scripting

5.3

CVE-2014-6445

Oct 6, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Easy Forms for Mailchimp 3.0 - 5.0.6 - Cross-Site Scripting

7.2

CVE-2014-7152

Sep 26, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Gravity Upload Ajax <= 1.1 - Unrestricted File Upload

9.8

CVE-2014-4972

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Flash Uploader <= 3.1.2 - Arbitrary Command Execution

9.8

CVE-2014-5014

Jul 18, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
post highlights 2.0 - 2.6 - Cross-Site Scripting	CVE-2014-8087	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 3, 2014
Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 4.25 - Sensitive Data Exposure	CVE-2014-8491	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 30, 2014
Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting	CVE-2014-8492	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 30, 2014
NEX-Forms Lite – WordPress Contact Form builder < 3.4 - Cross-Site Scripting	CVE-2014-7151	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 21, 2014
Contact Form Integrated With Google Maps 1.0 - 2.4 - Stored Cross-Site Scripting	CVE-2014-7238	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	October 18, 2014
Gallery Bank – WordPress Photo Gallery Plugin < 3.0.70 - Reflected Cross-Site Scripting	CVE-2014-8758	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 18, 2014
Easy Contact Form Solution <= 1.6 - Stored Cross-Site Scripting	CVE-2014-7240	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 17, 2014
Titan Framework <= 1.5.2 - Reflected Cross-Site Scripting	CVE-2014-6444	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 7, 2014
Infusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload	CVE-2014-6446	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 6, 2014
Contact Form 7 Integrations 1.0 - 1.3.10 - Multiple Cross-Site scripting	CVE-2014-6445	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	October 6, 2014
Easy Forms for Mailchimp 3.0 - 5.0.6 - Cross-Site Scripting	CVE-2014-7152	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 26, 2014
Gravity Upload Ajax <= 1.1 - Unrestricted File Upload	CVE-2014-4972	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 1, 2014
Flash Uploader <= 3.1.2 - Arbitrary Command Execution	CVE-2014-5014	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 18, 2014

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation