🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > LVT-tholv2k

LVT-tholv2k

All Time Ranking

115

All Time Discoveries

Showing 61-80 of 115 Vulnerabilities

GS Pins for Pinterest <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shorcode

6.4

CVE-2024-30192

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

iCalendrier <= 1.80 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29912

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-29933

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29762

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

PDF Builder for WPForms <= 1.2.88 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29820

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Popup Builder <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-30184

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Portfolio Gallery – Image Gallery Plugin <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-29769

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Post Grid, Slider & Carousel Ultimate <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29925

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

ReviewX <= 1.6.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29812

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

StreamWeasels Twitch Integration <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29766

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Travelers' Map <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29909

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WC Builder <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29926

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WishSuite <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29927

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29906

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Post Disclaimer <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29761

Mar 25, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

MyCurator Content Curation <= 3.76 - Reflected Cross-Site Scripting

6.1

CVE-2024-29139

Mar 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tourfic <= 2.11.7 - Reflected Cross-Site Scripting

6.1

CVE-2024-29137

Mar 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tourfic <= 2.11.17 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVE-2024-29136

Mar 18, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2024-29135

Mar 18, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tourfic <= 2.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-29134

Mar 18, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
GS Pins for Pinterest <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shorcode	CVE-2024-30192	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
iCalendrier <= 1.80 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29912	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-29933	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29762	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
PDF Builder for WPForms <= 1.2.88 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29820	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Popup Builder <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-30184	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Portfolio Gallery – Image Gallery Plugin <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2024-29769	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Post Grid, Slider & Carousel Ultimate <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29925	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
ReviewX <= 1.6.22 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29812	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
StreamWeasels Twitch Integration <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29766	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
Travelers' Map <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29909	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
WC Builder <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29926	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
WishSuite <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29927	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29906	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
WP Post Disclaimer <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29761	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 25, 2024
MyCurator Content Curation <= 3.76 - Reflected Cross-Site Scripting	CVE-2024-29139	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 18, 2024
Tourfic <= 2.11.7 - Reflected Cross-Site Scripting	CVE-2024-29137	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 18, 2024
Tourfic <= 2.11.17 - Authenticated (Subscriber+) PHP Object Injection	CVE-2024-29136	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 18, 2024
Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-29135	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 18, 2024
Tourfic <= 2.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-29134	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 18, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation