Kacper Szurek

Title	CVE ID	CVSS	Vector	Date
Admin Management Xtended <= 2.4.0 - Missing Authorization Checks	CVE-2015-9390	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 14, 2015
Page Builder by SiteOrigin < 2.0.5 - Reflected Cross-Site Scripting		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 1, 2015
Store Locator Plus < 4.2.27 - Email Injection		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 17, 2015
WordPress Social Sharing, Related Posts & Analytics – Shareaholic < 7.6.1.0 - Authenticated (Subscriber+) Cross-Site Scripting	CVE-2014-9311	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	April 7, 2015
Lingotek Translation <= 1.1.8 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 20, 2016
Comments - wpDiscuz <= 3.1.4 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 30, 2016
Wordfence Security – Firewall & Malware Scan 6.1.1 - 6.1.6 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 10, 2016
Slideshow Gallery <= 1.6 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 21, 2016
Image Gallery – Responsive Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting via linkbutton		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 8, 2016
Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting	CVE-2015-9328	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 11, 2015
Floating Social Bar <= 1.1.6 - Unauthenticated Cross-Site Scripting	CVE-2015-3299	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 7, 2015
Floating Social Bar < 1.1.7 - Cross-Site Scripting	CVE-2015-5528	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 7, 2015
Esplanade < 1.1.5 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 26, 2015
WordPress Shortcodes Plugin — Shortcodes Ultimate <= 4.9.3 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 5, 2015
Image Gallery - Responsive Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting via thumbtext		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 12, 2015
Import any XML or CSV File to WordPress <= 3.2.4 - Reflected Cross-Site Scripting	CVE-2015-9329	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 26, 2015
Custom Sidebars < 2.1.0.2 - Reflected Cross Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 11, 2015
Greg's High Performance SEO <= 1.6.1 - Reflected Cross-Site Scripting	CVE-2015-9319	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 10, 2015
MP3-jPlayer <= 1.8.11 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 5, 2015
WordPress Backup to Dropbox < 4.1 - Reflected Cross-Site Scripting	CVE-2014-9310	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 22, 2014

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation