🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > James Hooker

James Hooker

All Time Ranking

All Time Discoveries

Showing 1-20 of 53 Vulnerabilities

Flash Uploader <= 3.1.2 - Arbitrary Command Execution

9.8

CVE-2014-5014

Jul 18, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravity Upload Ajax <= 1.1 - Unrestricted File Upload

9.8

CVE-2014-4972

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Easy Forms for Mailchimp 3.0 - 5.0.6 - Cross-Site Scripting

7.2

CVE-2014-7152

Sep 26, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Infusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload

9.8

CVE-2014-6446

Oct 6, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Contact Form 7 Integrations 1.0 - 1.3.10 - Multiple Cross-Site scripting

5.3

CVE-2014-6445

Oct 6, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Titan Framework <= 1.5.2 - Reflected Cross-Site Scripting

6.1

CVE-2014-6444

Oct 7, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Easy Contact Form Solution <= 1.6 - Stored Cross-Site Scripting

6.1

CVE-2014-7240

Oct 17, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contact Form Integrated With Google Maps 1.0 - 2.4 - Stored Cross-Site Scripting

7.2

CVE-2014-7238

Oct 18, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Gallery Bank – WordPress Photo Gallery Plugin < 3.0.70 - Reflected Cross-Site Scripting

6.1

CVE-2014-8758

Oct 18, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

NEX-Forms Lite – WordPress Contact Form builder < 3.4 - Cross-Site Scripting

6.1

CVE-2014-7151

Oct 21, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 4.25 - Sensitive Data Exposure

5.3

CVE-2014-8491

Oct 30, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting

6.1

CVE-2014-8492

Oct 30, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

post highlights 2.0 - 2.6 - Cross-Site Scripting

6.1

CVE-2014-8087

Nov 3, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Store Locator 2.3 - 3.11 - SQL Injection

9.8

CVE-2014-8621

Nov 5, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection

8.8

CVE-2014-9442

Dec 22, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Sell Downloads <= 1.0.1 - Arbitrary File Read

7.5

CVE-2014-9511

Dec 29, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure

6.5

CVE-2014-9461

Jan 1, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 8.0.0 - Authorization Bypass

8.6

CVE ID Unknown

Feb 2, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

SpiderVPlayer< 1.5.5 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Feb 2, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Feed Them Social <= 1.6.9 - Arbitrary Shortcode Execution

9.8

CVE-2015-9351

Feb 2, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Flash Uploader <= 3.1.2 - Arbitrary Command Execution	CVE-2014-5014	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 18, 2014
Gravity Upload Ajax <= 1.1 - Unrestricted File Upload	CVE-2014-4972	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 1, 2014
Easy Forms for Mailchimp 3.0 - 5.0.6 - Cross-Site Scripting	CVE-2014-7152	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 26, 2014
Infusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload	CVE-2014-6446	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 6, 2014
Contact Form 7 Integrations 1.0 - 1.3.10 - Multiple Cross-Site scripting	CVE-2014-6445	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	October 6, 2014
Titan Framework <= 1.5.2 - Reflected Cross-Site Scripting	CVE-2014-6444	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 7, 2014
Easy Contact Form Solution <= 1.6 - Stored Cross-Site Scripting	CVE-2014-7240	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 17, 2014
Contact Form Integrated With Google Maps 1.0 - 2.4 - Stored Cross-Site Scripting	CVE-2014-7238	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	October 18, 2014
Gallery Bank – WordPress Photo Gallery Plugin < 3.0.70 - Reflected Cross-Site Scripting	CVE-2014-8758	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 18, 2014
NEX-Forms Lite – WordPress Contact Form builder < 3.4 - Cross-Site Scripting	CVE-2014-7151	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 21, 2014
Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 4.25 - Sensitive Data Exposure	CVE-2014-8491	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	October 30, 2014
Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting	CVE-2014-8492	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 30, 2014
post highlights 2.0 - 2.6 - Cross-Site Scripting	CVE-2014-8087	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 3, 2014
Store Locator 2.3 - 3.11 - SQL Injection	CVE-2014-8621	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 5, 2014
Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection	CVE-2014-9442	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 22, 2014
Sell Downloads <= 1.0.1 - Arbitrary File Read	CVE-2014-9511	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	December 29, 2014
Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure	CVE-2014-9461	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	January 1, 2015
Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 8.0.0 - Authorization Bypass		8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H	February 2, 2015
SpiderVPlayer< 1.5.5 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 2, 2015
Feed Them Social <= 1.6.9 - Arbitrary Shortcode Execution	CVE-2015-9351	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 2, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation