🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Vladislav Pokrovsky (ΞX.MI)

Vladislav Pokrovsky (ΞX.MI)

Organization: Independent AppSec Researcher

All Time Ranking

260

All Time Discoveries

About

AppSec // Bug Bounty // Legal Hacking

«When you lose fun and start doing things only for the payback, you're dead.» © Phrack #65

Showing 141-160 of 260 Vulnerabilities

Speed Booster Pack PageSpeed Optimization Suite <= 4.1.9. - Authenticated (Admin+) Remote Code Execution

7.2

CVE-2021-24430

Jul 5, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

5.5

CVE-2021-36872

Jul 4, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

myStickymenu <= 2.5.1 - Authenticated Stored Cross-Site Scripting

4.8

CVE-2021-24425

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

W3 Total Cache <= 2.1.2 Authenticated (Admin+) Stored Cross-Site Scripting

4.8

CVE-2021-24427

Jun 16, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting

6.1

CVE-2021-24426

Jun 16, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

10Web Map Builder for Google Maps <= 1.0.69 - Authenticated Stored Cross-Site Scripting

6.4

CVE ID Unknown

Jun 14, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Async Javascript <= 2.20.12.09 - Authenticated (Admin+) Cross-Site Scripting

5.5

CVE ID Unknown

Jun 13, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Pro Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting

6.1

CVE-2021-24387

Jun 10, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Reset <= 1.86 - Authenticated Stored Cross-Site Scripting via extra_data Parameter

5.5

CVE-2021-24424

May 26, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP JobSearch <= 1.7.3 - Stored Cross-Site Scripting

6.4

CVE-2021-24421

May 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Funnel Builder by CartFlows <= 1.6.12 - Authenticated Stored Cross-Site scripting via FB Pixel ID and Google Analytics ID

4.8

CVE-2021-24330

May 17, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Instant Images – One Click Unsplash, Pixabay and Pexels Uploads <= 4.4.0 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2021-24334

May 17, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Car Repair Services & Auto Mechanic < 4.0 - Reflected Cross-Site Scripting

6.1

CVE-2021-24335

May 17, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.5

CVE-2021-24482

May 17, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Bello - Directory & Listing <= 1.5.9 - Unauthenticated SQL Injection

9.8

CVE-2021-24321

May 16, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Database Backup for WordPress <= 2.3.3 - Authenticated Stored Cross-Site Scripting via backup_receipient Parameter

5.4

CVE-2021-24322

May 16, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Mediumish <= 1.0.47 - Reflected Cross-Site Scripting

6.1

CVE-2021-24316

May 16, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Listeo - Directory & Listings With Booking - WordPress Theme < 1.6.11 - Insecure Direct Object Reference

6.5

CVE-2021-24318

May 16, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Bello - Directory & Listing - < 1.6.0 - Cross-Site Scripting

6.4

CVE-2021-24319

May 16, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

UpdraftPlus WordPress Backup Plugin < 1.6.59 - Stored Cross-Site Scripting

4.8

CVE-2021-24423

May 9, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Speed Booster Pack PageSpeed Optimization Suite <= 4.1.9. - Authenticated (Admin+) Remote Code Execution	CVE-2021-24430	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 5, 2021
WordPress Popular Posts <= 5.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2021-36872	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	July 4, 2021
myStickymenu <= 2.5.1 - Authenticated Stored Cross-Site Scripting	CVE-2021-24425	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	June 21, 2021
W3 Total Cache <= 2.1.2 Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2021-24427	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	June 16, 2021
Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting	CVE-2021-24426	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 16, 2021
10Web Map Builder for Google Maps <= 1.0.69 - Authenticated Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 14, 2021
Async Javascript <= 2.20.12.09 - Authenticated (Admin+) Cross-Site Scripting		5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	June 13, 2021
WP Pro Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting	CVE-2021-24387	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 10, 2021
WP Reset <= 1.86 - Authenticated Stored Cross-Site Scripting via extra_data Parameter	CVE-2021-24424	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	May 26, 2021
WP JobSearch <= 1.7.3 - Stored Cross-Site Scripting	CVE-2021-24421	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	May 19, 2021
Funnel Builder by CartFlows <= 1.6.12 - Authenticated Stored Cross-Site scripting via FB Pixel ID and Google Analytics ID	CVE-2021-24330	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	May 17, 2021
Instant Images – One Click Unsplash, Pixabay and Pexels Uploads <= 4.4.0 - Authenticated Stored Cross-Site Scripting	CVE-2021-24334	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	May 17, 2021
Car Repair Services & Auto Mechanic < 4.0 - Reflected Cross-Site Scripting	CVE-2021-24335	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 17, 2021
Related Posts for WordPress <= 2.0.4 - Stored Cross-Site Scripting	CVE-2021-24482	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	May 17, 2021
Bello - Directory & Listing <= 1.5.9 - Unauthenticated SQL Injection	CVE-2021-24321	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 16, 2021
Database Backup for WordPress <= 2.3.3 - Authenticated Stored Cross-Site Scripting via backup_receipient Parameter	CVE-2021-24322	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	May 16, 2021
Mediumish <= 1.0.47 - Reflected Cross-Site Scripting	CVE-2021-24316	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 16, 2021
Listeo - Directory & Listings With Booking - WordPress Theme < 1.6.11 - Insecure Direct Object Reference	CVE-2021-24318	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	May 16, 2021
Bello - Directory & Listing - < 1.6.0 - Cross-Site Scripting	CVE-2021-24319	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	May 16, 2021
UpdraftPlus WordPress Backup Plugin < 1.6.59 - Stored Cross-Site Scripting	CVE-2021-24423	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	May 9, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation