🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > LVT-tholv2k

LVT-tholv2k

All Time Ranking

115

All Time Discoveries

Showing 1-20 of 115 Vulnerabilities

WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Unauthenticated SQL Injection

10.0

CVE-2024-32709

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

ProfileGrid <= 5.7.8 - Unauthenticated SQL Injection

10.0

CVE-2024-30490

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CRM Perks Forms <= 1.1.4 - Unauthenticated SQL Injection

10.0

CVE-2024-30498

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-32710

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Slideshow Gallery <= 1.7.8 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-31355

Apr 7, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Easy Form Builder <= 3.7.4 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-30535

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

ProfileGrid <= 5.7.8 - Authenticated (Subscriber+) SQL Injection

9.9

CVE-2024-30491

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-30499

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-30497

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Zotpress <= 7.3.7 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-30488

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Photos and Files Contest Gallery <= 21.3.2 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-30238

Mar 26, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Zoho Campaigns <= 2.0.6 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-30239

Mar 26, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Authenticated (Contributor+) PHP Object Injection

9.8

CVE-2024-30222

Mar 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Unauthenticated PHP Object Injection

9.8

CVE-2024-30223

Mar 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Active Products Tables for WooCommerce <= 1.0.6 - Unauthenticated PHP Object Injection

9.8

CVE-2023-51505

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Church Admin <= 4.0.27 - Authenticated (Contributor+) SQL Injection

8.8

CVE-2024-30244

Mar 26, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tourfic <= 2.11.17 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVE-2024-29136

Mar 18, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2024-29135

Mar 18, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Fusion Lite <= 3.41.24 - Authenticated (Contributor+) Remote Code Execution

8.8

CVE-2024-27972

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Slivery Extender <= 1.0.2 - Authenticated(Contributor+) Remote Code Execution via shortcode

8.8

CVE-2024-27191

Feb 26, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Unauthenticated SQL Injection	CVE-2024-32709	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	April 22, 2024
ProfileGrid <= 5.7.8 - Unauthenticated SQL Injection	CVE-2024-30490	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
CRM Perks Forms <= 1.1.4 - Unauthenticated SQL Injection	CVE-2024-30498	10.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Authenticated (Contributor+) SQL Injection	CVE-2024-32710	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	April 22, 2024
Slideshow Gallery <= 1.7.8 - Authenticated (Contributor+) SQL Injection	CVE-2024-31355	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	April 7, 2024
Easy Form Builder <= 3.7.4 - Authenticated (Contributor+) SQL Injection	CVE-2024-30535	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 29, 2024
ProfileGrid <= 5.7.8 - Authenticated (Subscriber+) SQL Injection	CVE-2024-30491	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) SQL Injection	CVE-2024-30499	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) SQL Injection	CVE-2024-30497	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
Zotpress <= 7.3.7 - Authenticated (Contributor+) SQL Injection	CVE-2024-30488	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
Photos and Files Contest Gallery <= 21.3.2 - Authenticated (Contributor+) SQL Injection	CVE-2024-30238	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 26, 2024
Zoho Campaigns <= 2.0.6 - Authenticated (Contributor+) SQL Injection	CVE-2024-30239	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 26, 2024
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Authenticated (Contributor+) PHP Object Injection	CVE-2024-30222	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 26, 2024
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Unauthenticated PHP Object Injection	CVE-2024-30223	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 26, 2024
Active Products Tables for WooCommerce <= 1.0.6 - Unauthenticated PHP Object Injection	CVE-2023-51505	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Church Admin <= 4.0.27 - Authenticated (Contributor+) SQL Injection	CVE-2024-30244	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 26, 2024
Tourfic <= 2.11.17 - Authenticated (Subscriber+) PHP Object Injection	CVE-2024-29136	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 18, 2024
Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-29135	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 18, 2024
WP Fusion Lite <= 3.41.24 - Authenticated (Contributor+) Remote Code Execution	CVE-2024-27972	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 13, 2024
Slivery Extender <= 1.0.2 - Authenticated(Contributor+) Remote Code Execution via shortcode	CVE-2024-27191	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 26, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation