🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mallory Adams

Mallory Adams

All Time Ranking

All Time Discoveries

Showing 1-20 of 56 Vulnerabilities

WP OAuth Server (OAuth Authentication) < 3.1.5 - Pseudorandom Number Generation

9.8

CVE-2015-9435

Aug 12, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

mTouch Quiz < 3.0.7 - SQL Injection

9.8

CVE-2014-100022

Feb 26, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metronet Tag Manager < 1.2.9 - Cross-Site Request Forgery

8.8

CVE-2018-1000506

May 15, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP User Groups <= 2.1.0 - Cross-Site Request Forgery

8.8

CVE ID Unknown

May 11, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Responsive Poll < 1.7.6 - Cross-Site Request Forgery to Cross-Site Scripting

8.8

CVE ID Unknown

Jan 10, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Quiz And Survey Master <= 4.7.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

8.8

CVE-2016-11085

Dec 15, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Multisite Post Duplicator <= 1.7.6 - Cross-Site Request Forgery

8.8

CVE-2016-10944

Dec 9, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Private Only <= 3.5.1 - Multiple Cross-Site Request Forgery

8.8

CVE-2015-5483

Aug 26, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

BuddyPress Activity Plus <= 1.5 - Cross-Site Request Forgery

8.8

CVE-2015-9455

Jul 14, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] < 1.0.4 - Cross-Site Request Forgery

8.8

CVE-2014-2550

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Theme My Login <= 6.3.9 - Local File Inclusion

8.8

CVE-2014-5155

Jun 30, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Featured Comments < 1.2.5 - Cross-Site Request Forgery

8.8

CVE-2014-4163

Jun 10, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Subscribe To Comments Reloaded <= 140129 - Cross-Site Request Forgery to Cross-Site Scripting

8.8

CVE-2014-2274

Feb 18, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

BP Group Documents <= 1.2.1 - Cross-Site Request Forgery

8.8

CVE ID Unknown

Oct 4, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP ULike < 3.2 - Missing Authorization

7.5

CVE-2018-1000511

May 14, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

NextGen Gallery <= 2.0 - Path Traversal

7.5

CVE ID Unknown

Feb 18, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WP ULike < 3.2 - Cross-Site Scripting

7.2

CVE-2018-1000508

May 14, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

GD bbPress Attachments < 2.3 - Directory Traversal

7.2

CVE-2015-5482

Jul 9, 2015

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Content Audit <= 1.6.0 - Authenticated (Admin+) SQL Injection

7.2

CVE-2014-5389

Oct 1, 2014

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

MSMC Redirect After Comment <= 2.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

7.1

CVE ID Unknown

May 8, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Title	CVE ID	CVSS	Vector	Date
WP OAuth Server (OAuth Authentication) < 3.1.5 - Pseudorandom Number Generation	CVE-2015-9435	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 12, 2015
mTouch Quiz < 3.0.7 - SQL Injection	CVE-2014-100022	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 26, 2014
Metronet Tag Manager < 1.2.9 - Cross-Site Request Forgery	CVE-2018-1000506	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	May 15, 2018
WP User Groups <= 2.1.0 - Cross-Site Request Forgery		8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	May 11, 2018
Responsive Poll < 1.7.6 - Cross-Site Request Forgery to Cross-Site Scripting		8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 10, 2017
Quiz And Survey Master <= 4.7.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2016-11085	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 15, 2016
Multisite Post Duplicator <= 1.7.6 - Cross-Site Request Forgery	CVE-2016-10944	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 9, 2016
Private Only <= 3.5.1 - Multiple Cross-Site Request Forgery	CVE-2015-5483	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 26, 2015
BuddyPress Activity Plus <= 1.5 - Cross-Site Request Forgery	CVE-2015-9455	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	July 14, 2015
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] < 1.0.4 - Cross-Site Request Forgery	CVE-2014-2550	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 1, 2014
Theme My Login <= 6.3.9 - Local File Inclusion	CVE-2014-5155	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 30, 2014
Featured Comments < 1.2.5 - Cross-Site Request Forgery	CVE-2014-4163	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 10, 2014
Subscribe To Comments Reloaded <= 140129 - Cross-Site Request Forgery to Cross-Site Scripting	CVE-2014-2274	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	February 18, 2014
BP Group Documents <= 1.2.1 - Cross-Site Request Forgery		8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 4, 2013
WP ULike < 3.2 - Missing Authorization	CVE-2018-1000511	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	May 14, 2018
NextGen Gallery <= 2.0 - Path Traversal		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	February 18, 2014
WP ULike < 3.2 - Cross-Site Scripting	CVE-2018-1000508	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	May 14, 2018
GD bbPress Attachments < 2.3 - Directory Traversal	CVE-2015-5482	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 9, 2015
Content Audit <= 1.6.0 - Authenticated (Admin+) SQL Injection	CVE-2014-5389	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 1, 2014
MSMC Redirect After Comment <= 2.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	May 8, 2017

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation