Vladislav Pokrovsky

Vulnerabilities Discovered:

235
All Time Discoveries
4
Discoveries since Aug 30, 2023

Showing 1-20 of 235 vulnerabilities

Title CVE ID CVSS Vector Date
wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Comment Rating Increase/Decrease CVE-2023-3869 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N September 12, 2023
wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease CVE-2023-3998 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N September 12, 2023
PeproDev CF7 Database <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting via form submission CVE-2023-41863 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N September 5, 2023
Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting CVE-2023-4719 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N September 5, 2023
Social Media & Share Icons <= 2.8.3 - Reflected Cross-Site Scripting CVE-2023-41238 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 29, 2023
Oxygen < 4.4 - Cross-Site Request Forgery CVE-2022-46841 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N July 20, 2023
Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting CVE-2023-3708 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 17, 2023
WPJobBoard <= 5.9.0 - Unauthenticated SQL Injection CVE-2023-36525 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H June 27, 2023
Balkon <= 1.3.2 - Reflected Cross-Site Scripting CVE-2023-36502 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 23, 2023
TheRoof <= 1.0.3 - Reflected Cross-Site Scripting CVE-2023-29430 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 6, 2023
Outdoor <= 3.9.6 - Reflected Cross-Site Scripting CVE-2023-29236 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 4, 2023
Slide Anything <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2023-28499 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 15, 2023
Real Estate 7 Theme <= 3.3.4 - Unauthenticated Arbitrary Email Sending 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N March 9, 2023
WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection CVE-2023-25790 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N March 1, 2023
Real Estate 7 <= 3.3.4 - Cross-Site Request Forgery 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L March 1, 2023
Woodmart <= 7.1.1 - Cross-Site Request Forgery to License Update CVE-2023-32500 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N March 1, 2023
Real Estate 7 <= 3.3.4 - Reflected Cross-Site Scripting via ct_additional_features 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N February 28, 2023
Real Estate 7 Theme <= 3.3.1 - Stored Cross-Site Scripting CVE-2022-47146 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N February 20, 2023
Woodmart <= 7.0.4 - Unauthenticated Arbitrary Content Injection CVE-2023-25790 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N February 16, 2023
Monolit <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting CVE-2023-25041 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N February 6, 2023

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation