🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Vladislav Pokrovsky (ΞX.MI)

Vladislav Pokrovsky (ΞX.MI)

Organization: Independent AppSec Researcher

All Time Ranking

260

All Time Discoveries

About

AppSec // Bug Bounty // Legal Hacking

«When you lose fun and start doing things only for the payback, you're dead.» © Phrack #65

Showing 61-80 of 260 Vulnerabilities

Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated Arbitrary Options Update

4.3

CVE-2022-38104

Sep 29, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter

5.5

CVE-2022-45082

Sep 29, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'license' parameter

5.5

CVE-2022-45082

Sep 29, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'rawdata' parameter

5.5

CVE-2022-45082

Sep 29, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'notice' parameter

5.5

CVE-2022-45082

Sep 29, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'layouts' parameter

5.5

CVE-2022-45082

Sep 29, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter

5.5

CVE-2022-45082

Sep 29, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

7.2

CVE-2022-40215

Sep 22, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Awesome Support <= 6.0.7 - Authenticated Stored Cross-Site Scripting

7.2

CVE-2022-38073

Sep 14, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVE-2022-36365

Sep 1, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Word Search Puzzles game <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVE-2022-36383

Sep 1, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Event Calendar <= 1.4.6 - Reflected Cross-Site Scripting

6.1

CVE-2022-36390

Aug 25, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2022-40217

Aug 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Download Manager <= 3.2.48 - Cross-Site Request Forgery

8.8

CVE-2022-36288

Aug 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affiliate For WooCommerce premium <= 4.7.0 - Authenticated Insecure Direct Object Reference

7.5

CVE-2022-36284

Aug 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tabs – Responsive Tabs with WooCommerce Product Tab Extension <= 3.6.0 - Authenticated (Admin+) Arbitrary Options Update

7.2

CVE-2022-36375

Jul 26, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.1.2 - Authenticated Arbitrary Options Update

7.2

CVE-2022-33970

Jul 25, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Flipbox – Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update

7.2

CVE-2022-33969

Jul 25, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Team <= 1.2.6 - Authenticated (Contibutor+) Stored Cross-Site Scripting

6.4

CVE-2022-34853

Jul 20, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Accordions – Multiple Accordions or FAQs Builder <= 2.0.2 - Unauthenticated Arbitrary Options Update

9.8

CVE-2022-33198

Jun 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated Arbitrary Options Update	CVE-2022-38104	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	September 29, 2022
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter	CVE-2022-45082	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 29, 2022
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'license' parameter	CVE-2022-45082	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 29, 2022
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'rawdata' parameter	CVE-2022-45082	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 29, 2022
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'notice' parameter	CVE-2022-45082	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 29, 2022
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'layouts' parameter	CVE-2022-45082	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 29, 2022
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter	CVE-2022-45082	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 29, 2022
Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-40215	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 22, 2022
Awesome Support <= 6.0.7 - Authenticated Stored Cross-Site Scripting	CVE-2022-38073	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 14, 2022
WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-36365	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	September 1, 2022
Word Search Puzzles game <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-36383	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	September 1, 2022
Event Calendar <= 1.4.6 - Reflected Cross-Site Scripting	CVE-2022-36390	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 25, 2022
WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2022-40217	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 9, 2022
Download Manager <= 3.2.48 - Cross-Site Request Forgery	CVE-2022-36288	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 2, 2022
Affiliate For WooCommerce premium <= 4.7.0 - Authenticated Insecure Direct Object Reference	CVE-2022-36284	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 1, 2022
Tabs – Responsive Tabs with WooCommerce Product Tab Extension <= 3.6.0 - Authenticated (Admin+) Arbitrary Options Update	CVE-2022-36375	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 26, 2022
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.1.2 - Authenticated Arbitrary Options Update	CVE-2022-33970	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 25, 2022
Flipbox – Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update	CVE-2022-33969	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 25, 2022
Team <= 1.2.6 - Authenticated (Contibutor+) Stored Cross-Site Scripting	CVE-2022-34853	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 20, 2022
Accordions – Multiple Accordions or FAQs Builder <= 2.0.2 - Unauthenticated Arbitrary Options Update	CVE-2022-33198	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 30, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation