🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > Steven Julian

Steven Julian

All Time Ranking

All Time Discoveries

Showing 1-20 of 60 Vulnerabilities

iPanorama 360 WordPress Virtual Tour Builder <= 1.8.3 - Missing Authorization

5.3

CVE-2024-38690

Jul 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Depicter Slider <= 3.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVE-2024-37414

Jun 28, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

E2Pdf – Export To Pdf Tool for WordPress <= 1.20.27 - Missing Authorization

4.3

CVE-2024-37415

Jun 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Transition Slider – Responsive Image Slider and Gallery <= 2.20.3 - Authenticated (Editor+) Stored Cross-Site Scripting

6.4

CVE-2024-37215

Jun 20, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Slideshow SE <= 2.5.20 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVE-2024-35769

Jun 18, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Serious Slider <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVE-2024-35762

Jun 17, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow <= 1.3.9 - Missing Authorization

4.3

CVE-2024-35717

Jun 6, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Album Gallery – WordPress Gallery <= 1.5.7 - Missing Authorization

4.3

CVE-2024-35720

Jun 6, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery <= 1.4.5 - Missing Authorization

4.3

CVE-2024-35721

Jun 6, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Slider Responsive Slideshow – Image slider, Gallery slideshow <= 1.4.0 - Missing Authorization

4.3

CVE-2024-35722

Jun 6, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP-Recall <= 16.26.6 - Cross-Site Request Forgery

4.3

CVE-2024-35657

Jun 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Integrate Google Drive <= 1.3.93 - Missing Authorization

5.3

CVE-2024-35670

Jun 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Radio Player <= 2.0.73 - Missing Authorization

5.3

CVE-2024-34753

May 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Popup box <= 4.1.2 - Cross-Site Request Forgery

6.1

CVE-2024-34367

May 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery <= 1.5.3 - Missing Authorization

5.3

CVE-2024-34377

May 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Mooberry Book Manager <= 4.15.12 - Unauthenticated Information Exposure via Export Files

5.3

CVE-2024-34368

May 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Masteriyo - LMS <= 1.7.3 - Insecure Direct Object Reference

5.3

CVE-2024-33939

Apr 30, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Academy LMS <= 1.9.16 - Missing Authorization

4.3

CVE-2024-33912

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Digital Publications by Supsystic <= 1.7.7 - Missing Authorization

5.3

CVE-2024-33910

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.26.2 - Missing Authorization

5.3

CVE-2024-33907

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
iPanorama 360 WordPress Virtual Tour Builder <= 1.8.3 - Missing Authorization	CVE-2024-38690	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	July 10, 2024
Depicter Slider <= 3.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-37414	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	June 28, 2024
E2Pdf – Export To Pdf Tool for WordPress <= 1.20.27 - Missing Authorization	CVE-2024-37415	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 28, 2024
Transition Slider – Responsive Image Slider and Gallery <= 2.20.3 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-37215	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 20, 2024
Slideshow SE <= 2.5.20 - Authenticated (Author+) Stored Cross-Site Scripting	CVE-2024-35769	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 18, 2024
Serious Slider <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting	CVE-2024-35762	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	June 17, 2024
Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow <= 1.3.9 - Missing Authorization	CVE-2024-35717	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 6, 2024
Album Gallery – WordPress Gallery <= 1.5.7 - Missing Authorization	CVE-2024-35720	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 6, 2024
Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery <= 1.4.5 - Missing Authorization	CVE-2024-35721	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 6, 2024
Slider Responsive Slideshow – Image slider, Gallery slideshow <= 1.4.0 - Missing Authorization	CVE-2024-35722	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 6, 2024
WP-Recall <= 16.26.6 - Cross-Site Request Forgery	CVE-2024-35657	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 3, 2024
Integrate Google Drive <= 1.3.93 - Missing Authorization	CVE-2024-35670	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	June 3, 2024
Radio Player <= 2.0.73 - Missing Authorization	CVE-2024-34753	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 14, 2024
Popup box <= 4.1.2 - Cross-Site Request Forgery	CVE-2024-34367	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 3, 2024
Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery <= 1.5.3 - Missing Authorization	CVE-2024-34377	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 3, 2024
Mooberry Book Manager <= 4.15.12 - Unauthenticated Information Exposure via Export Files	CVE-2024-34368	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 3, 2024
Masteriyo - LMS <= 1.7.3 - Insecure Direct Object Reference	CVE-2024-33939	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	April 30, 2024
Academy LMS <= 1.9.16 - Missing Authorization	CVE-2024-33912	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	April 29, 2024
Digital Publications by Supsystic <= 1.7.7 - Missing Authorization	CVE-2024-33910	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 29, 2024
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.26.2 - Missing Authorization	CVE-2024-33907	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 29, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation