🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Sucuri Research Team

Sucuri Research Team

All Time Ranking

All Time Discoveries

Showing 1-20 of 29 Vulnerabilities

WooCommerce AJAX Product Filters <= 1.3.6 - Arbitrary Settings Update

8.3

CVE ID Unknown

Sep 18, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Syndication Links < 1.0.3 - DOM-based Cross-Site Scripting

6.1

CVE-2015-9495

May 13, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Auberge < 1.4.5 - Cross-Site Scripting

6.1

CVE-2015-9502

May 6, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Stripe Add-on for iThemes Exchange < 1.2.0 - Reflected Cross-Site Scripting

6.1

CVE-2015-9374

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exchange Addon Custom URL Tracking < 1.1.0 - Reflected Cross-Site Scripting

6.1

CVE-2015-9366

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Two Factor Authentication < 1.1.10 - Cross-Site Scripting

6.1

CVE-2015-9355

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Easy Digital Downloads – Recurring Payments <= 2.3 - Cross-Site Scripting

6.1

CVE-2015-9525

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Easy Digital Downloads – QR Codes <= 1.1.0 - Reflected Cross-Site Scripting

6.1

CVE-2015-9522

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

P3 (Plugin Performance Profiler) < 1.5.3.9 - Cross-Site Scripting

7.1

CVE ID Unknown

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Easy Digital Downloads – Shoppette Theme < 1.0.5 - Cross-Site Scripting

6.1

CVE-2015-9535

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Print Friendly <= 0.6 - Cross-Site Scripting

6.1

CVE ID Unknown

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

iThemes Builder Style Manager < 0.7.7 - Cross-Site Scripting

6.1

CVE-2015-9379

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Easy Digital Downloads – Attach Accounts to Orders <= 2.0.1 - Reflected Cross-Site Scripting

6.1

CVE-2015-9507

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Easy Digital Downloads – PDF Invoices < 1.0.4 - Cross-Site Scripting

6.1

CVE-2015-9518

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Easy Digital Downloads – Software Licensing < 3.2.3 - Cross-Site Scripting

6.1

CVE-2015-9528

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

iThemes Builder Depot Theme < 5.0.30 - Reflected Cross-Site Scripting

6.1

CVE-2015-9377

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exchange Addon Table Rate Shipping < 1.1.0 - Cross-Site Scripting

6.1

CVE-2015-9375

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

iThemes Exchange < 1.12.0 - Cross-Site Scripting

6.1

CVE-2015-9363

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

iThemes Mobile < 1.2.8 - Reflected Cross-Site Scripting

6.1

CVE-2015-9376

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exchange Addon Invoices < 1.4.0 - Reflected Cross-Site Scripting

6.1

CVE-2015-9370

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WooCommerce AJAX Product Filters <= 1.3.6 - Arbitrary Settings Update		8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	September 18, 2019
Syndication Links < 1.0.3 - DOM-based Cross-Site Scripting	CVE-2015-9495	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 13, 2015
Auberge < 1.4.5 - Cross-Site Scripting	CVE-2015-9502	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 6, 2015
Stripe Add-on for iThemes Exchange < 1.2.0 - Reflected Cross-Site Scripting	CVE-2015-9374	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
Exchange Addon Custom URL Tracking < 1.1.0 - Reflected Cross-Site Scripting	CVE-2015-9366	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
Two Factor Authentication < 1.1.10 - Cross-Site Scripting	CVE-2015-9355	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
Easy Digital Downloads – Recurring Payments <= 2.3 - Cross-Site Scripting	CVE-2015-9525	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
Easy Digital Downloads – QR Codes <= 1.1.0 - Reflected Cross-Site Scripting	CVE-2015-9522	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
P3 (Plugin Performance Profiler) < 1.5.3.9 - Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	April 20, 2015
Easy Digital Downloads – Shoppette Theme < 1.0.5 - Cross-Site Scripting	CVE-2015-9535	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
WP Print Friendly <= 0.6 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
iThemes Builder Style Manager < 0.7.7 - Cross-Site Scripting	CVE-2015-9379	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
Easy Digital Downloads – Attach Accounts to Orders <= 2.0.1 - Reflected Cross-Site Scripting	CVE-2015-9507	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
Easy Digital Downloads – PDF Invoices < 1.0.4 - Cross-Site Scripting	CVE-2015-9518	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
Easy Digital Downloads – Software Licensing < 3.2.3 - Cross-Site Scripting	CVE-2015-9528	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
iThemes Builder Depot Theme < 5.0.30 - Reflected Cross-Site Scripting	CVE-2015-9377	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
Exchange Addon Table Rate Shipping < 1.1.0 - Cross-Site Scripting	CVE-2015-9375	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
iThemes Exchange < 1.12.0 - Cross-Site Scripting	CVE-2015-9363	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
iThemes Mobile < 1.2.8 - Reflected Cross-Site Scripting	CVE-2015-9376	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015
Exchange Addon Invoices < 1.4.0 - Reflected Cross-Site Scripting	CVE-2015-9370	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 20, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation