🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Vladislav Pokrovsky (ΞX.MI)

Vladislav Pokrovsky (ΞX.MI)

Organization: Independent AppSec Researcher

All Time Ranking

260

All Time Discoveries

About

AppSec // Bug Bounty // Legal Hacking

«When you lose fun and start doing things only for the payback, you're dead.» © Phrack #65

Showing 21-40 of 260 Vulnerabilities

wpDiscuz <= 7.6.3 - Missing Authorization via AJAX actions

5.4

CVE-2023-45760

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-45071

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Form Maker by 10Web <= 1.15.18 - Reflected Cross-Site Scripting

6.1

CVE-2023-45070

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

FooGallery <= 2.2.44 - Cross-Site Request Forgery

4.3

CVE-2023-44233

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

FooGallery <= 2.2.44 - Reflected Cross-Site Scripting

7.2

CVE-2023-44244

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Comment Rating Increase/Decrease

5.3

CVE-2023-3869

Sep 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease

5.3

CVE-2023-3998

Sep 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

PeproDev CF7 Database <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting via form submission

7.2

CVE-2023-41863

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting

7.2

CVE-2023-4719

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Social Media & Share Icons <= 2.8.3 - Reflected Cross-Site Scripting

6.1

CVE-2023-41238

Aug 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference

4.3

CVE-2023-49765

Aug 11, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Oxygen < 4.4 - Cross-Site Request Forgery

4.3

CVE-2022-46841

Jul 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting

6.1

CVE-2023-3708

Jul 17, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WPJobBoard <= 5.9.0 - Unauthenticated SQL Injection

9.8

CVE-2023-36525

Jun 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Balkon <= 1.3.2 - Reflected Cross-Site Scripting

6.1

CVE-2023-36502

Jun 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

TheRoof <= 1.0.3 - Reflected Cross-Site Scripting

6.1

CVE-2023-29430

Apr 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Outdoor <= 3.9.6 - Reflected Cross-Site Scripting

6.1

CVE-2023-29236

Apr 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Slide Anything <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVE-2023-28499

Mar 15, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Real Estate 7 Theme <= 3.3.4 - Unauthenticated Arbitrary Email Sending

5.8

CVE ID Unknown

Mar 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection

6.5

CVE-2023-25790

Mar 1, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Title	CVE ID	CVSS	Vector	Date
wpDiscuz <= 7.6.3 - Missing Authorization via AJAX actions	CVE-2023-45760	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	October 12, 2023
Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-45071	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	October 3, 2023
Form Maker by 10Web <= 1.15.18 - Reflected Cross-Site Scripting	CVE-2023-45070	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 3, 2023
FooGallery <= 2.2.44 - Cross-Site Request Forgery	CVE-2023-44233	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 29, 2023
FooGallery <= 2.2.44 - Reflected Cross-Site Scripting	CVE-2023-44244	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 29, 2023
wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Comment Rating Increase/Decrease	CVE-2023-3869	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 12, 2023
wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease	CVE-2023-3998	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 12, 2023
PeproDev CF7 Database <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting via form submission	CVE-2023-41863	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting	CVE-2023-4719	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Social Media & Share Icons <= 2.8.3 - Reflected Cross-Site Scripting	CVE-2023-41238	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 29, 2023
Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference	CVE-2023-49765	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	August 11, 2023
Oxygen < 4.4 - Cross-Site Request Forgery	CVE-2022-46841	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 20, 2023
Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting	CVE-2023-3708	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 17, 2023
WPJobBoard <= 5.9.0 - Unauthenticated SQL Injection	CVE-2023-36525	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 27, 2023
Balkon <= 1.3.2 - Reflected Cross-Site Scripting	CVE-2023-36502	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 23, 2023
TheRoof <= 1.0.3 - Reflected Cross-Site Scripting	CVE-2023-29430	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 6, 2023
Outdoor <= 3.9.6 - Reflected Cross-Site Scripting	CVE-2023-29236	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 4, 2023
Slide Anything <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting	CVE-2023-28499	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 15, 2023
Real Estate 7 Theme <= 3.3.4 - Unauthenticated Arbitrary Email Sending		5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N	March 9, 2023
WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection	CVE-2023-25790	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	March 1, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation