Wordfence Intelligence   >   Vulnerability Researchers   >   James Hooker

James Hooker

55
All Time Ranking
53
All Time Discoveries

Showing 1-20 of 53 Vulnerabilities

NewStatPress < 1.0.6 - SQL Injection
9.8
CVE-2015-9313
Jul 7, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Pie Register 2.0.14-2.0.15 - SQL Injection
9.8
CVE ID Unknown
May 4, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Registration Forms – User Profile, Custom Registration Form, Login Form, Invitation-Based Registrations for WordPress 2.0.14 - 2.0.15 - Authentication Bypass
9.8
CVE ID Unknown
May 4, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
rtMedia for WordPress, BuddyPress and bbPress < 3.7.40 - SQL Injection
9.8
CVE ID Unknown
Apr 28, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload
9.8
CVE ID Unknown
Mar 9, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Store Locator < 3.34 - SQL Injection
9.8
CVE ID Unknown
Feb 9, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Feed Them Social <= 1.6.9 - Arbitrary Shortcode Execution
9.8
CVE-2015-9351
Feb 2, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Store Locator 2.3 - 3.11 - SQL Injection
9.8
CVE-2014-8621
Nov 5, 2014
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Infusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload
9.8
CVE-2014-6446
Oct 6, 2014
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Gravity Upload Ajax <= 1.1 - Unrestricted File Upload
9.8
CVE-2014-4972
Aug 1, 2014
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Flash Uploader <= 3.1.2 - Arbitrary Command Execution
9.8
CVE-2014-5014
Jul 18, 2014
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Erident Custom Login and Dashboard <= 3.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
8.8
CVE-2015-9322
Jun 18, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Gallery Bank – WordPress Photo Gallery <= 3.0.101 - SQL Injection
8.8
CVE ID Unknown
Feb 21, 2015
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.4.36 - SQL Injection
8.8
CVE ID Unknown
Feb 9, 2015
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection
8.8
CVE-2014-9442
Dec 22, 2014
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
MiwoFTP < 1.0.5 - Arbitrary File Download
8.6
CVE ID Unknown
Apr 14, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 8.0.0 - Authorization Bypass
8.6
CVE ID Unknown
Feb 2, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Custom Community 2.0 - 2.0.24 - Stored Cross-Site Scripting
8.3
CVE ID Unknown
Mar 9, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Ultimate CSV Importer < 3.6.75 - Information Disclosure
7.5
CVE ID Unknown
Feb 22, 2015
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Sell Downloads <= 1.0.1 - Arbitrary File Read
7.5
CVE-2014-9511
Dec 29, 2014
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Title CVE ID CVSS Vector Date
NewStatPress < 1.0.6 - SQL Injection CVE-2015-9313 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H July 7, 2015
Pie Register 2.0.14-2.0.15 - SQL Injection 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 4, 2015
Registration Forms – User Profile, Custom Registration Form, Login Form, Invitation-Based Registrations for WordPress 2.0.14 - 2.0.15 - Authentication Bypass 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 4, 2015
rtMedia for WordPress, BuddyPress and bbPress < 3.7.40 - SQL Injection 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 28, 2015
WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 9, 2015
Store Locator < 3.34 - SQL Injection 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 9, 2015
Feed Them Social <= 1.6.9 - Arbitrary Shortcode Execution CVE-2015-9351 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 2, 2015
Store Locator 2.3 - 3.11 - SQL Injection CVE-2014-8621 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 5, 2014
Infusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload CVE-2014-6446 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 6, 2014
Gravity Upload Ajax <= 1.1 - Unrestricted File Upload CVE-2014-4972 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H August 1, 2014
Flash Uploader <= 3.1.2 - Arbitrary Command Execution CVE-2014-5014 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H July 18, 2014
Erident Custom Login and Dashboard <= 3.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2015-9322 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H June 18, 2015
Gallery Bank – WordPress Photo Gallery <= 3.0.101 - SQL Injection 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 21, 2015
Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.4.36 - SQL Injection 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 9, 2015
Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection CVE-2014-9442 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 22, 2014
MiwoFTP < 1.0.5 - Arbitrary File Download 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N April 14, 2015
Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 8.0.0 - Authorization Bypass 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H February 2, 2015
Custom Community 2.0 - 2.0.24 - Stored Cross-Site Scripting 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L March 9, 2015
Ultimate CSV Importer < 3.6.75 - Information Disclosure 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N February 22, 2015
Sell Downloads <= 1.0.1 - Arbitrary File Read CVE-2014-9511 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N December 29, 2014

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation