🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mallory Adams

Mallory Adams

All Time Ranking

All Time Discoveries

Showing 21-40 of 56 Vulnerabilities

Advanced Custom Fields: Table Field < 1.1.13 - Authenticated Stored Cross-Site Scripting

6.4

CVE ID Unknown

Jul 13, 2016

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WatuPRO < 4.9.0.8 - Cross-Site Request Forgery

4.3

CVE-2015-9418

Sep 1, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Private Only <= 3.5.1 - Multiple Cross-Site Request Forgery

8.8

CVE-2015-5483

Aug 26, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP OAuth Server (OAuth Authentication) < 3.1.5 - Pseudorandom Number Generation

9.8

CVE-2015-9435

Aug 12, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

iFrame <= 3.0 - Reflected Cross-Site Scripting

6.1

CVE-2015-6738

Aug 11, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

iFrame <= 4.0 - Stored Cross-Site Scripting

6.4

CVE-2015-6738

Aug 10, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

MonsterInsights - Google Analytics Dashboard for WordPress <= 5.4.4 - Authenticated Stored Cross-Site Scripting

3.8

CVE ID Unknown

Aug 10, 2015

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Flickr Justified Gallery < 3.4.0 - Reflected Cross-Site Scripting

6.1

CVE-2015-9327

Jul 28, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

BuddyPress Activity Plus <= 1.5 - Cross-Site Request Forgery

8.8

CVE-2015-9455

Jul 14, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Plotly <= 1.0.2 - Stored Cross-Site Scripting

6.4

CVE-2015-9347

Jul 13, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Plotly < 1.0.3 - Stored Cross-Site Scripting

6.4

CVE-2015-5484

Jul 13, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

The Events Calendar: Eventbrite Tickets < 3.10.2 - Cross-Site Scripting

6.1

CVE-2015-5485

Jul 13, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

GD bbPress Attachments < 2.3 - Directory Traversal

7.2

CVE-2015-5482

Jul 9, 2015

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

GD bbPress Attachments < 2.3 - Reflected Cross-Site Scripting

6.1

CVE-2015-5481

Jul 8, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Content Slide <= 1.4.2 - Cross-Site Scripting

6.1

CVE ID Unknown

Apr 16, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Content Audit <= 1.6.0 - Authenticated (Admin+) SQL Injection

7.2

CVE-2014-5389

Oct 1, 2014

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1

CVE-2014-6312

Sep 17, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

WP-Ban < 1.64 - Improper Input Validation

5.3

CVE-2014-6230

Sep 17, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Improved User Search in Backend <= 1.2.5 - Cross-Site Request Forgery to Cross-Site Scripting

6.1

CVE-2014-5196

Aug 13, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] < 1.0.4 - Cross-Site Request Forgery

8.8

CVE-2014-2550

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Advanced Custom Fields: Table Field < 1.1.13 - Authenticated Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 13, 2016
WatuPRO < 4.9.0.8 - Cross-Site Request Forgery	CVE-2015-9418	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 1, 2015
Private Only <= 3.5.1 - Multiple Cross-Site Request Forgery	CVE-2015-5483	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 26, 2015
WP OAuth Server (OAuth Authentication) < 3.1.5 - Pseudorandom Number Generation	CVE-2015-9435	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 12, 2015
iFrame <= 3.0 - Reflected Cross-Site Scripting	CVE-2015-6738	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 11, 2015
iFrame <= 4.0 - Stored Cross-Site Scripting	CVE-2015-6738	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	August 10, 2015
MonsterInsights - Google Analytics Dashboard for WordPress <= 5.4.4 - Authenticated Stored Cross-Site Scripting		3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N	August 10, 2015
Flickr Justified Gallery < 3.4.0 - Reflected Cross-Site Scripting	CVE-2015-9327	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 28, 2015
BuddyPress Activity Plus <= 1.5 - Cross-Site Request Forgery	CVE-2015-9455	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	July 14, 2015
Plotly <= 1.0.2 - Stored Cross-Site Scripting	CVE-2015-9347	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 13, 2015
Plotly < 1.0.3 - Stored Cross-Site Scripting	CVE-2015-5484	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 13, 2015
The Events Calendar: Eventbrite Tickets < 3.10.2 - Cross-Site Scripting	CVE-2015-5485	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 13, 2015
GD bbPress Attachments < 2.3 - Directory Traversal	CVE-2015-5482	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 9, 2015
GD bbPress Attachments < 2.3 - Reflected Cross-Site Scripting	CVE-2015-5481	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 8, 2015
WordPress Content Slide <= 1.4.2 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 16, 2015
Content Audit <= 1.6.0 - Authenticated (Admin+) SQL Injection	CVE-2014-5389	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 1, 2014
Login Widget With Shortcode < 3.2.1 - Cross-Site Scripting	CVE-2014-6312	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	September 17, 2014
WP-Ban < 1.64 - Improper Input Validation	CVE-2014-6230	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	September 17, 2014
Improved User Search in Backend <= 1.2.5 - Cross-Site Request Forgery to Cross-Site Scripting	CVE-2014-5196	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 13, 2014
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] < 1.0.4 - Cross-Site Request Forgery	CVE-2014-2550	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 1, 2014

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation