🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Vishnupriya Ilango

Vishnupriya Ilango

All Time Ranking

All Time Discoveries

Showing 1-20 of 26 Vulnerabilities

Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element URL

5.4

CVE-2022-2040

Jun 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element Content

5.4

CVE-2022-2041

Jun 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Gallery Bank – WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Media Upload

6.4

CVE ID Unknown

Jun 9, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Gallery Bank – WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Gallery Description

6.4

CVE ID Unknown

Jun 9, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Visual Form Builder <= 3.0.7 - Cross-Site Request Forgery to Data Modification

8.8

CVE-2022-0141

Apr 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Visual Form Builder <= 3.0.5 - Unauthenticated Information Disclosure

5.3

CVE-2022-0140

Nov 3, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Visual Form Builder <= 3.0.5 - CSV Injection

5.3

CVE-2022-0142

Nov 3, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Popup Anything <= 2.0.3 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24883

Oct 25, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Options Module

5.4

CVE-2021-24834

Oct 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Preview Module

5.4

CVE-2021-24833

Oct 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Gallery Blocks with Lightbox <= 2.2.0 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2021-24667

Aug 23, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

WP Video Lightbox <= 1.9.2 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24665

Aug 23, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Slider, Gallery, and Carousel by MetaSlider <= 3.17.1 - Authenticated Stored Cross-Site Scripting

6.4

CVE ID Unknown

Aug 28, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Gallery PhotoBlocks <= 1.1.5 - Cross-Site Scripting

7.1

CVE ID Unknown

Jul 29, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Quiz and Survey Master <= 6.4.12 - Stored Cross-Site Scripting

6.4

CVE ID Unknown

Jul 29, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Wise Chat <= 2.8.3 - CSV Injection

5.5

CVE ID Unknown

Jul 9, 2020

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

FooGallery <= 1.9.24 - Authenticated Cross-Site Scripting

8.3

CVE ID Unknown

May 4, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Gmedia Photo Gallery <= 1.18.4 - Cross-Site Scripting

6.1

CVE ID Unknown

Apr 27, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Newsletter <= 6.5.3 - CSV Injection

5.5

CVE ID Unknown

Mar 16, 2020

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Envira Photo Gallery <= 1.7.6 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2020-9334

Feb 25, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element URL	CVE-2022-2040	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	June 21, 2022
Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element Content	CVE-2022-2041	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	June 21, 2022
Gallery Bank – WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Media Upload		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 9, 2022
Gallery Bank – WordPress Photo Gallery Plugin <= 4.0.50 - Stored Cross-Site Scripting via Gallery Description		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 9, 2022
Visual Form Builder <= 3.0.7 - Cross-Site Request Forgery to Data Modification	CVE-2022-0141	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	April 11, 2022
Visual Form Builder <= 3.0.5 - Unauthenticated Information Disclosure	CVE-2022-0140	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 3, 2021
Visual Form Builder <= 3.0.5 - CSV Injection	CVE-2022-0142	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 3, 2021
Popup Anything <= 2.0.3 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24883	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	October 25, 2021
YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Options Module	CVE-2021-24834	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	October 15, 2021
YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Preview Module	CVE-2021-24833	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	October 15, 2021
Gallery Blocks with Lightbox <= 2.2.0 - Authenticated Stored Cross-Site Scripting	CVE-2021-24667	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	August 23, 2021
WP Video Lightbox <= 1.9.2 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24665	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	August 23, 2021
Slider, Gallery, and Carousel by MetaSlider <= 3.17.1 - Authenticated Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	August 28, 2020
Gallery PhotoBlocks <= 1.1.5 - Cross-Site Scripting		7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	July 29, 2020
Quiz and Survey Master <= 6.4.12 - Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 29, 2020
Wise Chat <= 2.8.3 - CSV Injection		5.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L	July 9, 2020
FooGallery <= 1.9.24 - Authenticated Cross-Site Scripting		8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	May 4, 2020
Gmedia Photo Gallery <= 1.18.4 - Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 27, 2020
Newsletter <= 6.5.3 - CSV Injection		5.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L	March 16, 2020
Envira Photo Gallery <= 1.7.6 - Authenticated Stored Cross-Site Scripting	CVE-2020-9334	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 25, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation