🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Vladislav Pokrovsky (ΞX.MI)

Vladislav Pokrovsky (ΞX.MI)

Organization: Independent AppSec Researcher

All Time Ranking

260

All Time Discoveries

About

AppSec // Bug Bounty // Legal Hacking

«When you lose fun and start doing things only for the payback, you're dead.» © Phrack #65

Showing 61-80 of 260 Vulnerabilities

WP Maintenance <= 6.0.7 - Authenticated (Admin+) Cross-Site Scripting

5.5

CVE-2022-30536

Jun 28, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

wpDataTables <= 2.1.27 - Authenticated Cross-Site Scripting

5.5

CVE-2022-29432

May 6, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Night Mode <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-29418

Apr 25, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Backup Migration <= 1.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2021-36884

Nov 17, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Download Monitor <= 4.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2021-23174

Oct 29, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WordPress iQ Block Country <= 1.2.11 - Authenticated Stored Cross-Site Scripting

5.5

CVE-2021-36873

Sep 22, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Google Maps Pro <= 8.1.11 - Authenticated Stored Cross-Site Scripting

5.5

CVE-2021-36871

Sep 8, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

5.5

CVE-2021-36872

Jul 4, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Async Javascript <= 2.20.12.09 - Authenticated (Admin+) Cross-Site Scripting

5.5

CVE ID Unknown

Jun 13, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Reset <= 1.86 - Authenticated Stored Cross-Site Scripting via extra_data Parameter

5.5

CVE-2021-24424

May 26, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

5.5

CVE-2021-24482

May 17, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Autoptimize <= 2.8.3 - Stored Cross-Site Scripting

5.5

CVE-2021-24332

May 7, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP DoNotTrack <= 0.8.8 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE ID Unknown

May 3, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Rss for Yandex Turbo <= 1.30 - Admin+ Stored Cross-Site Scripting

5.5

CVE-2021-24428

Apr 23, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Real Estate 7 Theme <= 3.3.4 - Unauthenticated Arbitrary Email Sending

5.8

CVE ID Unknown

Mar 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Jobeleon Theme <= 1.9.1 - Reflected Cross-Site Scripting

6.1

CVE-2022-47153

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

New User Approve <= 2.5.1 - Cross-Site Request Forgery via admin_notices

6.1

CVE-2023-50902

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Multiple Plugins by KlbTheme <= (Various Versions) - Reflected Cross-Site Scripting

6.1

CVE-2023-49839

Dec 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Machic Core <= 1.2.6 - Reflected Cross-Site Scripting

6.1

CVE-2023-49186

Dec 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ultimate Addons for Contact Form 7 <= 3.2.0 - Reflected Cross-Site Scripting

6.1

CVE-2023-49766

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP Maintenance <= 6.0.7 - Authenticated (Admin+) Cross-Site Scripting	CVE-2022-30536	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	June 28, 2022
wpDataTables <= 2.1.27 - Authenticated Cross-Site Scripting	CVE-2022-29432	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	May 6, 2022
Night Mode <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-29418	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 25, 2022
Backup Migration <= 1.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2021-36884	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 17, 2021
Download Monitor <= 4.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2021-23174	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 29, 2021
WordPress iQ Block Country <= 1.2.11 - Authenticated Stored Cross-Site Scripting	CVE-2021-36873	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 22, 2021
WP Google Maps Pro <= 8.1.11 - Authenticated Stored Cross-Site Scripting	CVE-2021-36871	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 8, 2021
WordPress Popular Posts <= 5.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2021-36872	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	July 4, 2021
Async Javascript <= 2.20.12.09 - Authenticated (Admin+) Cross-Site Scripting		5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	June 13, 2021
WP Reset <= 1.86 - Authenticated Stored Cross-Site Scripting via extra_data Parameter	CVE-2021-24424	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	May 26, 2021
Related Posts for WordPress <= 2.0.4 - Stored Cross-Site Scripting	CVE-2021-24482	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	May 17, 2021
Autoptimize <= 2.8.3 - Stored Cross-Site Scripting	CVE-2021-24332	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	May 7, 2021
WP DoNotTrack <= 0.8.8 - Authenticated (Admin+) Stored Cross-Site Scripting		5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	May 3, 2021
Rss for Yandex Turbo <= 1.30 - Admin+ Stored Cross-Site Scripting	CVE-2021-24428	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 23, 2021
Real Estate 7 Theme <= 3.3.4 - Unauthenticated Arbitrary Email Sending		5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N	March 9, 2023
Jobeleon Theme <= 1.9.1 - Reflected Cross-Site Scripting	CVE-2022-47153	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 28, 2024
New User Approve <= 2.5.1 - Cross-Site Request Forgery via admin_notices	CVE-2023-50902	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 26, 2023
Multiple Plugins by KlbTheme <= (Various Versions) - Reflected Cross-Site Scripting	CVE-2023-49839	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 7, 2023
Machic Core <= 1.2.6 - Reflected Cross-Site Scripting	CVE-2023-49186	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 7, 2023
Ultimate Addons for Contact Form 7 <= 3.2.0 - Reflected Cross-Site Scripting	CVE-2023-49766	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 4, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation