stealthcopter

15
All Time Ranking
173
All Time Discoveries
Submitted 100 Vulnerabilities
Submitted 100 Vulnerabilities
June 5, 2024
Submitted 75 Vulnerabilities
Submitted 75 Vulnerabilities
May 21, 2024
Submitted 50 Vulnerabilities
Submitted 50 Vulnerabilities
May 9, 2024
Submitted 25 Vulnerabilities
Submitted 25 Vulnerabilities
April 19, 2024
1337 Vulnerability Researcher
1337 Vulnerability Researcher
April 18, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
March 8, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
February 20, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
January 22, 2024

Showing 1-20 of 173 Vulnerabilities

Title CVE ID CVSS Vector Date
Table Addons for Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter CVE-2024-4313 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 21, 2024
WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inlcusion CVE-2024-5503 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 20, 2024
JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters CVE-2024-4626 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 19, 2024
Flatsome <= 3.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-5156 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 19, 2024
Blogmentor – Blog Layouts for Elementor <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagination_style Parameter CVE-2024-4623 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 18, 2024
OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter CVE-2024-4663 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 18, 2024
WP Magazine Modules Lite <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion CVE-2024-5574 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H June 18, 2024
PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render CVE-2024-0845 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 17, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter CVE-2024-4863 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 13, 2024
WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion CVE-2024-5551 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H June 13, 2024
Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widget CVE-2024-4615 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 12, 2024
CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CVE-2024-4564 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 11, 2024
Events Addon for Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CVE-2024-4669 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 11, 2024
Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting CVE-2024-1766 4.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N June 11, 2024
Events Manager – Calendar, Bookings, Tickets, and more! <= 6.4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via event, location, and event_category Shortcodes CVE-2024-3492 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 11, 2024
SKT Addons for Elementor <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets CVE-2024-5091 7.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L June 7, 2024
One Page Express Companion <= 1.6.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via one_page_express_contact_form Shortcode CVE-2024-4703 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 6, 2024
Rife Free <= 2.4.19 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-35708 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 6, 2024
Bloglo <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-35715 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 6, 2024
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute CVE-2024-4042 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 6, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation