🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Larry W. Cashdollar

Larry W. Cashdollar

All Time Ranking

135

All Time Discoveries

Showing 41-60 of 135 Vulnerabilities

Webcam Video Conference <= 4.91.8 - Unrestricted File Upload leading to Remote Code Execuction

9.8

CVE-2015-9271

Mar 29, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Google Adsense and Hotel Booking <= 1.05 - Open Proxy

9.1

CVE-2015-1000009

Aug 15, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Image Export < 1.1.1 - Path Traversal

9.1

CVE-2015-5609

Jul 1, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

RK Responsive Contact Form <= 1.0.0 - SQL Injection

8.8

CVE-2017-1002027

Aug 5, 2017

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Event Expresso Free <= 3.1.37.11.L - Authenticated SQL Injection

8.8

CVE-2017-1002026

Jul 4, 2017

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

surveys <= 1.01.8 - Authenticated SQL Injection

8.8

CVE-2017-1002022

May 21, 2017

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Membership Simplified <= 1.58 Beta - SQL Injection

8.8

CVE-2017-1002010

Mar 17, 2017

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

eShop <= 6.3.14 - Multiple SQL Injections

8.8

CVE-2016-0769

Feb 2, 2016

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Cool Video Gallery <= 1.9 - Authenticated Command Injection

8.8

CVE-2015-7527

Dec 2, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

wp-championship < 5.9 - SQL Injection

8.8

CVE-2015-5308

Oct 23, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.2 - Remote Command Execution

8.8

CVE-2015-4336

May 10, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP-DBManager < 2.72 - Command Injection

8.8

CVE-2014-8335

Oct 13, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zip Attachments <= 1.5 - Directory Traversal

8.6

CVE-2015-4694

Jun 12, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

File Download <= 1.4 - Open Proxy

8.2

CVE-2015-1000002

Mar 27, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

WP-DBManager < 2.72 - OS Command Injection

7.8

CVE-2014-8334

Oct 13, 2014

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

BackWPup <= 3.4.1 - Unauthenticated Backup Download

7.5

CVE-2017-2551

Sep 8, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Dtracker <= 1.5 - Missing Authorization

7.5

CVE-2017-1002006

Mar 13, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

DTracker <= 1.5 - Authorization Bypass

7.5

CVE-2017-1002007

Mar 8, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

wptf-image-gallery <= 1.0.3 - Arbitrary File Download

7.5

CVE-2015-1000007

Jul 18, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Recent Backups <= 0.7 - Directory Traversal

7.5

CVE-2015-1000006

Jul 13, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Webcam Video Conference <= 4.91.8 - Unrestricted File Upload leading to Remote Code Execuction	CVE-2015-9271	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 29, 2015
Google Adsense and Hotel Booking <= 1.05 - Open Proxy	CVE-2015-1000009	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	August 15, 2015
Image Export < 1.1.1 - Path Traversal	CVE-2015-5609	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	July 1, 2015
RK Responsive Contact Form <= 1.0.0 - SQL Injection	CVE-2017-1002027	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 5, 2017
Event Expresso Free <= 3.1.37.11.L - Authenticated SQL Injection	CVE-2017-1002026	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 4, 2017
surveys <= 1.01.8 - Authenticated SQL Injection	CVE-2017-1002022	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 21, 2017
Membership Simplified <= 1.58 Beta - SQL Injection	CVE-2017-1002010	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 17, 2017
eShop <= 6.3.14 - Multiple SQL Injections	CVE-2016-0769	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 2, 2016
Cool Video Gallery <= 1.9 - Authenticated Command Injection	CVE-2015-7527	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 2, 2015
wp-championship < 5.9 - SQL Injection	CVE-2015-5308	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 23, 2015
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.2 - Remote Command Execution	CVE-2015-4336	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 10, 2015
WP-DBManager < 2.72 - Command Injection	CVE-2014-8335	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 13, 2014
Zip Attachments <= 1.5 - Directory Traversal	CVE-2015-4694	8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	June 12, 2015
File Download <= 1.4 - Open Proxy	CVE-2015-1000002	8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N	March 27, 2017
WP-DBManager < 2.72 - OS Command Injection	CVE-2014-8334	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 13, 2014
BackWPup <= 3.4.1 - Unauthenticated Backup Download	CVE-2017-2551	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	September 8, 2017
Dtracker <= 1.5 - Missing Authorization	CVE-2017-1002006	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	March 13, 2017
DTracker <= 1.5 - Authorization Bypass	CVE-2017-1002007	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	March 8, 2017
wptf-image-gallery <= 1.0.3 - Arbitrary File Download	CVE-2015-1000007	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 18, 2015
Recent Backups <= 0.7 - Directory Traversal	CVE-2015-1000006	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 13, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation