🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Vladislav Pokrovsky (ΞX.MI)

Vladislav Pokrovsky (ΞX.MI)

Organization: Independent AppSec Researcher

All Time Ranking

260

All Time Discoveries

About

AppSec // Bug Bounty // Legal Hacking

«When you lose fun and start doing things only for the payback, you're dead.» © Phrack #65

Showing 241-260 of 260 Vulnerabilities

WP Login Security and History <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

8.8

CVE-2021-24328

Mar 29, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update

9.1

CVE-2022-46838

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Realia <= 1.4.0 - Arbitrary Post Deletion

9.1

CVE ID Unknown

Oct 15, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Adifier System < 3.1.4 - Unauthenticated Local File Inclusion

9.8

CVE-2023-49753

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Adifier System < 3.1.4 - Unauthenticated SQL Injection

9.8

CVE-2023-49752

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Couponis Demo < 2.2 - Unauthenticated SQL Injection

9.8

CVE-2023-49750

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WPJobBoard <= 5.9.0 - Unauthenticated SQL Injection

9.8

CVE-2023-36525

Jun 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2022-46839

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.0.2 - Unauthenticated Arbitrary Options Update

9.8

CVE-2022-34487

Jun 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Accordions – Multiple Accordions or FAQs Builder <= 2.0.2 - Unauthenticated Arbitrary Options Update

9.8

CVE-2022-33198

Jun 30, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Listing, Classified Ads & Business Directory – uListing <= 2.0.5 - Privilege Escalation

9.8

CVE-2021-36879

Jul 27, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Listing, Classified Ads & Business Directory – uListing <= 2.0.3 - Unauthenticated SQL Injection

9.8

CVE-2021-36880

Jul 26, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Bello - Directory & Listing <= 1.5.9 - Unauthenticated SQL Injection

9.8

CVE-2021-24321

May 16, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Goto - Tour & Travel WordPress Theme < 2.1 - SQL Injection

9.8

CVE-2021-24314

Apr 26, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Controlled Admin Access <= 1.5.1 - Improper Access Control & Privilege Escalation

9.8

CVE-2021-24215

Mar 23, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WPJobBoard <= 5.6.4 - SQL Injection

9.8

CVE ID Unknown

Nov 25, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Nexos - Real Estate WordPress Theme <= 1.7 - SQL Injection

9.8

CVE ID Unknown

Jun 28, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Travel Booking WordPress Theme < 2.8.4 - SQL Injection

9.8

CVE ID Unknown

Jun 23, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Nexos - Real Estate WordPress Theme <= 1.7 - SQL Injection

9.8

CVE-2020-15363

Jun 17, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Selio - Real Estate Directory <= 1.1 - SQL Injection

9.8

CVE ID Unknown

Sep 8, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
WP Login Security and History <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2021-24328	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	March 29, 2021
JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update	CVE-2022-46838	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	January 27, 2023
Realia <= 1.4.0 - Arbitrary Post Deletion		9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	October 15, 2020
Adifier System < 3.1.4 - Unauthenticated Local File Inclusion	CVE-2023-49753	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
Adifier System < 3.1.4 - Unauthenticated SQL Injection	CVE-2023-49752	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
Couponis Demo < 2.2 - Unauthenticated SQL Injection	CVE-2023-49750	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
WPJobBoard <= 5.9.0 - Unauthenticated SQL Injection	CVE-2023-36525	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 27, 2023
JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload	CVE-2022-46839	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 27, 2023
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.0.2 - Unauthenticated Arbitrary Options Update	CVE-2022-34487	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 30, 2022
Accordions – Multiple Accordions or FAQs Builder <= 2.0.2 - Unauthenticated Arbitrary Options Update	CVE-2022-33198	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 30, 2022
Listing, Classified Ads & Business Directory – uListing <= 2.0.5 - Privilege Escalation	CVE-2021-36879	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 27, 2021
Listing, Classified Ads & Business Directory – uListing <= 2.0.3 - Unauthenticated SQL Injection	CVE-2021-36880	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 26, 2021
Bello - Directory & Listing <= 1.5.9 - Unauthenticated SQL Injection	CVE-2021-24321	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 16, 2021
Goto - Tour & Travel WordPress Theme < 2.1 - SQL Injection	CVE-2021-24314	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 26, 2021
Controlled Admin Access <= 1.5.1 - Improper Access Control & Privilege Escalation	CVE-2021-24215	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 23, 2021
WPJobBoard <= 5.6.4 - SQL Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 25, 2020
Nexos - Real Estate WordPress Theme <= 1.7 - SQL Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 28, 2020
Travel Booking WordPress Theme < 2.8.4 - SQL Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 23, 2020
Nexos - Real Estate WordPress Theme <= 1.7 - SQL Injection	CVE-2020-15363	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 17, 2020
Selio - Real Estate Directory <= 1.1 - SQL Injection		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 8, 2019

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation