🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Larry W. Cashdollar

Larry W. Cashdollar

All Time Ranking

135

All Time Discoveries

Showing 61-80 of 135 Vulnerabilities

Candidate Application Form <= 1.3 - Arbitrary File Download

7.5

CVE-2015-1000005

Jul 12, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

IBS Mappro < 1.0 - Directory Traversal

7.5

CVE-2015-5472

Jul 8, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WP eCommerce Shop Styling < 2.6 - Directory Traversal

7.5

CVE-2015-5468

Jul 5, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

MDC YouTube Downloader < 2.1.1 - Directory Traversal

7.5

CVE-2015-5469

Jul 2, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Download ZIP Attachments <= 1.0 - Directory Traversal

7.5

CVE-2015-4704

Jun 26, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WordPress Renaming Tool by Vlajo <= 1.0 - Path Traversal

7.5

CVE-2015-4703

Jun 12, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Database Backup for WordPress <= 2.2.4 - Missing Authorization

7.5

CVE-2014-10076

Nov 2, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure

7.5

CVE-2014-8604

Oct 17, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Improper Access Control to Information Disclosure

7.5

CVE-2014-8605

Oct 17, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Arigato Autoresponder and Newsletter <= 2.5.1.8 - SQL Injection

7.2

CVE-2018-1002000

Sep 18, 2018

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Add Edit Delete Listing Module <= 1.0 - SQL Injection

7.2

CVE-2017-1002025

Jul 5, 2017

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Gift Certificate Creator <= 1.0 - Stored Cross-Site Scripting

7.2

CVE-2017-1002017

Jun 11, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Remote Code Execution

7.2

CVE-2014-8603

Oct 17, 2014

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure

7.2

CVE-2014-8607

Oct 17, 2014

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Simple Image Manipulator <= 1.0 - Remote File Download

6.5

CVE-2015-1000010

Aug 2, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Easy2Map <= 1.2.4 - Directory Traversal

6.5

CVE-2015-4616

Jun 8, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

WP DB Manager < 2.7.2 - Arbitrary File Read

6.5

CVE-2014-8336

Oct 13, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Rockhoist Badges <= 1.2.2 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2017-6102

Mar 3, 2017

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Media File Renamer < 1.9.4 - Stored Cross-Site Scripting

6.4

CVE-2014-2040

Jan 31, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting

6.1

CVE-2018-1002007

Sep 18, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Candidate Application Form <= 1.3 - Arbitrary File Download	CVE-2015-1000005	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 12, 2015
IBS Mappro < 1.0 - Directory Traversal	CVE-2015-5472	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 8, 2015
WP eCommerce Shop Styling < 2.6 - Directory Traversal	CVE-2015-5468	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 5, 2015
MDC YouTube Downloader < 2.1.1 - Directory Traversal	CVE-2015-5469	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 2, 2015
Download ZIP Attachments <= 1.0 - Directory Traversal	CVE-2015-4704	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	June 26, 2015
WordPress Renaming Tool by Vlajo <= 1.0 - Path Traversal	CVE-2015-4703	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	June 12, 2015
Database Backup for WordPress <= 2.2.4 - Missing Authorization	CVE-2014-10076	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	November 2, 2014
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure	CVE-2014-8604	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 17, 2014
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Improper Access Control to Information Disclosure	CVE-2014-8605	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 17, 2014
Arigato Autoresponder and Newsletter <= 2.5.1.8 - SQL Injection	CVE-2018-1002000	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 18, 2018
Add Edit Delete Listing Module <= 1.0 - SQL Injection	CVE-2017-1002025	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 5, 2017
Gift Certificate Creator <= 1.0 - Stored Cross-Site Scripting	CVE-2017-1002017	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 11, 2017
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Remote Code Execution	CVE-2014-8603	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 17, 2014
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure	CVE-2014-8607	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 17, 2014
Simple Image Manipulator <= 1.0 - Remote File Download	CVE-2015-1000010	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	August 2, 2015
Easy2Map <= 1.2.4 - Directory Traversal	CVE-2015-4616	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	June 8, 2015
WP DB Manager < 2.7.2 - Arbitrary File Read	CVE-2014-8336	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	October 13, 2014
Rockhoist Badges <= 1.2.2 - Authenticated Stored Cross-Site Scripting	CVE-2017-6102	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 3, 2017
Media File Renamer < 1.9.4 - Stored Cross-Site Scripting	CVE-2014-2040	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 31, 2014
Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting	CVE-2018-1002007	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 18, 2018

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation