Larry W. Cashdollar

Title	CVE ID	CVSS	Vector	Date
eShop <= 6.3.14 - Multiple SQL Injections	CVE-2016-0769	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 2, 2016
eShop <= 6.3.14 - Multiple Cross-Site Scripting	CVE-2016-0765	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 2, 2016
Connections Business Directory < 8.5.9 - Cross-Site Scripting	CVE-2016-0770	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 1, 2016
Cool Video Gallery <= 1.9 - Authenticated Command Injection	CVE-2015-7527	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 2, 2015
Double Opt-In for Download <= 2.0.8 - SQL Injection	CVE-2015-7517	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 24, 2015
wp-championship < 5.9 - SQL Injection	CVE-2015-5308	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 23, 2015
MyPixs <= 0.3 - Local File Inclusion	CVE-2015-1000012	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 15, 2015
DukaPress <= 2.5.9 - Blind SQL Injection	CVE-2015-1000011	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 22, 2015
Google Adsense and Hotel Booking <= 1.05 - Open Proxy	CVE-2015-1000009	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	August 15, 2015
Simple Image Manipulator <= 1.0 - Remote File Download	CVE-2015-1000010	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	August 2, 2015
wptf-image-gallery <= 1.0.3 - Arbitrary File Download	CVE-2015-1000007	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 18, 2015
WPE Indoshipping <= 2.5.0 - Arbitrary File Upload		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 13, 2015
Recent Backups <= 0.7 - Directory Traversal	CVE-2015-1000006	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 13, 2015
WP Front-End Repository Manager <= 1.1 - Unauthenticated Arbitrary File Upload		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 12, 2015
MP3-jPlayer <= 2.4.2 - Full Path Disclosure	CVE-2015-1000008	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 12, 2015
Candidate Application Form <= 1.3 - Arbitrary File Download	CVE-2015-1000005	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 12, 2015
filedownload < 1.4 - Blind SQL Injection	CVE-2015-1000003	9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 11, 2015
filedownload plugin <= 1.4 - Cross-Site Scripting	CVE-2015-1000004	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 11, 2015
MailCWP <= 1.100 - Arbitrary File Upload	CVE-2016-1000156	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 10, 2015
MailCWP <= 1.100 - Arbitrary File Upload	CVE-2015-1000000	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 9, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation