🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > stealthcopter

stealthcopter

All Time Ranking

106

All Time Discoveries

6 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 1-20 of 106 Vulnerabilities

Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting

4.4

CVE-2024-2258

Apr 26, 2024

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Colibri Page Builder <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting

4.4

CVE-2024-3338

Apr 22, 2024

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting

4.7

CVE-2024-1720

Mar 6, 2024

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Simple Membership <= 4.4.2 - Unauthenticated Stored Self-Based Cross-Site Scripting

4.7

CVE-2024-1985

Mar 5, 2024

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

User Meta <= 3.0 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2024-33575

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVE-2024-3189

May 14, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

WP Latest Posts <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

5.4

CVE-2024-4135

May 7, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Share This Image <= 1.98 - Open Redirect

5.4

CVE-2024-33930

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.6.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

5.4

CVE-2024-32711

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection

5.9

CVE-2024-0685

Feb 1, 2024

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

GuCherry Blog <= 1.1.8 - Reflected Cross-Site Scripting

6.1

CVE-2024-32531

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.77 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Mar 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Coupon Affiliates <= 5.12.7 - Reflected Cross-Site Scripting

6.1

CVE-2024-29125

Mar 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Link Library <= 7.6 - Reflected Cross-Site Scripting

6.1

CVE-2024-29123

Mar 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_address

6.1

CVE-2024-2198

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

wp-mpdf <= 3.7.1 - Reflected Cross-Site Scripting

6.1

CVE-2024-27962

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

APIExperts Square for WooCommerce <= 4.2.9 - Reflected Cross-Site Scripting

6.1

CVE-2024-27959

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Visualizer <= 3.10.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-27958

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Email Subscription Popup <= 1.2.20 - Unauthenticated Stored Cross-Site Scripting

6.1

CVE-2024-27960

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AntiSpam for Contact Form 7 <= 0.6.0 - Reflected Cross-Site Scripting

6.1

CVE-2024-27961

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting	CVE-2024-2258	4.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N	April 26, 2024
Colibri Page Builder <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting	CVE-2024-3338	4.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N	April 22, 2024
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting	CVE-2024-1720	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N	March 6, 2024
Simple Membership <= 4.4.2 - Unauthenticated Stored Self-Based Cross-Site Scripting	CVE-2024-1985	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N	March 5, 2024
User Meta <= 3.0 - Unauthenticated Sensitive Information Exposure	CVE-2024-33575	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	April 25, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-3189	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	May 14, 2024
WP Latest Posts <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution	CVE-2024-4135	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	May 7, 2024
Share This Image <= 1.98 - Open Redirect	CVE-2024-33930	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	April 29, 2024
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.6.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2024-32711	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	April 22, 2024
Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection	CVE-2024-0685	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	February 1, 2024
GuCherry Blog <= 1.1.8 - Reflected Cross-Site Scripting	CVE-2024-32531	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 15, 2024
Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) <= 3.1.77 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 22, 2024
Coupon Affiliates <= 5.12.7 - Reflected Cross-Site Scripting	CVE-2024-29125	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 16, 2024
Link Library <= 7.6 - Reflected Cross-Site Scripting	CVE-2024-29123	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 16, 2024
Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_address	CVE-2024-2198	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 13, 2024
wp-mpdf <= 3.7.1 - Reflected Cross-Site Scripting	CVE-2024-27962	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 13, 2024
APIExperts Square for WooCommerce <= 4.2.9 - Reflected Cross-Site Scripting	CVE-2024-27959	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 13, 2024
Visualizer <= 3.10.5 - Reflected Cross-Site Scripting	CVE-2024-27958	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 13, 2024
Email Subscription Popup <= 1.2.20 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-27960	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 13, 2024
AntiSpam for Contact Form 7 <= 0.6.0 - Reflected Cross-Site Scripting	CVE-2024-27961	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 13, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation