Marcin Probola

Title	CVE ID	CVSS	Vector	Date
Google Map <= 2.2.5 - SQL Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 24, 2015
404 to 301 – Redirect, Log and Notify 404 Errors <= 2.0.2 - SQL Injection	CVE-2015-9323	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	August 20, 2015
Plugmatter Optin Feature Box < 2.0.14 - SQL Injection	CVE-2015-9450	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 16, 2015
NEX-Forms – Ultimate Form Builder < 4.6.1 - SQL Injection	CVE-2015-9452	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 16, 2015
Plugmatter Optin Feature Box < 2.0.14 - SQL Injection	CVE-2015-9451	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 16, 2015
Auto Affiliate Links < 5.0 - SQL Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 15, 2015
WP Shop < 3.4.3.16 - SQL Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 8, 2015
Smart Manager For WooCommerce < 3.9.7 - Unauthenticated SQL Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 8, 2015
WP Live Chat Support <= 4.3.5 - Blind SQL Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 6, 2015
WTI Like Post < 1.4.3 - SQL Injection	CVE-2015-9466	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 5, 2015
Broken Link Manager < 0.5.0 - SQL Injection	CVE-2015-9467	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 4, 2015
My Page Order <= 4.3 - Cross-Site Request Forgery to Cross-Site Scripting		8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 21, 2015
GoCodes <= 1.3.5 - Authenticated Blind SQL Injection	CVE-2015-9398	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 25, 2015
WordPress Meta Robots <= 2.1 - SQL Injection	CVE-2015-9400	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 25, 2015
Gallery Bank – WordPress Photo Gallery Plugin <= 3.0.229 - SQL Injection		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 21, 2015
Slideshow Gallery <= 1.5.3.1 - Cross-Site Request Forgery to Arbitrary File Upload		8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 20, 2015
Master Slider - Responsive Touch Slider <= 2.5.1 - Authenticated Blind SQL Injection		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	August 20, 2015
My Category Order <= 4.3 - Cross-Site Request Forgery to Cross-Site Scripting		8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 13, 2015
SendPress Newsletters < 1.2 - Authenticated SQL Injection	CVE-2015-9448	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 23, 2015
Responsive Slider – Image Slider – Slideshow for WordPress <= 2.8.6 - Authenticated SQL Injection		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 22, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation