🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Kacper Szurek

Kacper Szurek

All Time Ranking

All Time Discoveries

Showing 41-60 of 63 Vulnerabilities

Slideshow Gallery <= 1.6 - Cross-Site Scripting

6.1

CVE ID Unknown

Mar 21, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Image Gallery – Responsive Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting via linkbutton

6.1

CVE ID Unknown

Feb 8, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting

6.1

CVE-2015-9328

Nov 11, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Floating Social Bar <= 1.1.6 - Unauthenticated Cross-Site Scripting

6.1

CVE-2015-3299

Jul 7, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Floating Social Bar < 1.1.7 - Cross-Site Scripting

6.1

CVE-2015-5528

Jul 7, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Esplanade < 1.1.5 - Cross-Site Scripting

6.1

CVE ID Unknown

May 26, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Shortcodes Plugin — Shortcodes Ultimate <= 4.9.3 - Cross-Site Scripting

6.1

CVE ID Unknown

May 5, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Image Gallery - Responsive Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting via thumbtext

6.1

CVE ID Unknown

Mar 12, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Import any XML or CSV File to WordPress <= 3.2.4 - Reflected Cross-Site Scripting

6.1

CVE-2015-9329

Feb 26, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Custom Sidebars < 2.1.0.2 - Reflected Cross Site Scripting

6.1

CVE ID Unknown

Jan 11, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Greg's High Performance SEO <= 1.6.1 - Reflected Cross-Site Scripting

6.1

CVE-2015-9319

Jan 10, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

MP3-jPlayer <= 1.8.11 - Cross-Site Scripting

6.1

CVE ID Unknown

Jan 5, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Backup to Dropbox < 4.1 - Reflected Cross-Site Scripting

6.1

CVE-2014-9310

Dec 22, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds <= 3.3.1 - Cross-Site Scripting

6.1

CVE ID Unknown

Dec 9, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Symposium <= 14.10 - Cross-Site Scripting

6.1

CVE-2014-8809

Nov 26, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Gallery Manager <= 1.5.12 - Cross-Site Scripting

6.1

CVE-2014-125096

Nov 20, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Link Library <= 5.8.10.6 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Nov 8, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Photo Album Plus <= 5.4.17 - Reflected Cross-Site Scripting

6.1

CVE-2014-8814

Nov 6, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.6 - Reflected Cross-Site Scripting

6.1

CVE-2014-8815

Nov 6, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Social Sharing, Related Posts & Analytics – Shareaholic < 7.6.1.0 - Authenticated (Subscriber+) Cross-Site Scripting

5.4

CVE-2014-9311

Apr 7, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Slideshow Gallery <= 1.6 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 21, 2016
Image Gallery – Responsive Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting via linkbutton		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 8, 2016
Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting	CVE-2015-9328	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 11, 2015
Floating Social Bar <= 1.1.6 - Unauthenticated Cross-Site Scripting	CVE-2015-3299	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 7, 2015
Floating Social Bar < 1.1.7 - Cross-Site Scripting	CVE-2015-5528	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 7, 2015
Esplanade < 1.1.5 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 26, 2015
WordPress Shortcodes Plugin — Shortcodes Ultimate <= 4.9.3 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 5, 2015
Image Gallery - Responsive Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting via thumbtext		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 12, 2015
Import any XML or CSV File to WordPress <= 3.2.4 - Reflected Cross-Site Scripting	CVE-2015-9329	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 26, 2015
Custom Sidebars < 2.1.0.2 - Reflected Cross Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 11, 2015
Greg's High Performance SEO <= 1.6.1 - Reflected Cross-Site Scripting	CVE-2015-9319	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 10, 2015
MP3-jPlayer <= 1.8.11 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 5, 2015
WordPress Backup to Dropbox < 4.1 - Reflected Cross-Site Scripting	CVE-2014-9310	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 22, 2014
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds <= 3.3.1 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 9, 2014
WP Symposium <= 14.10 - Cross-Site Scripting	CVE-2014-8809	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 26, 2014
Gallery Manager <= 1.5.12 - Cross-Site Scripting	CVE-2014-125096	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 20, 2014
Link Library <= 5.8.10.6 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 8, 2014
WP Photo Album Plus <= 5.4.17 - Reflected Cross-Site Scripting	CVE-2014-8814	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 6, 2014
Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.6 - Reflected Cross-Site Scripting	CVE-2014-8815	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 6, 2014
WordPress Social Sharing, Related Posts & Analytics – Shareaholic < 7.6.1.0 - Authenticated (Subscriber+) Cross-Site Scripting	CVE-2014-9311	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	April 7, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation