🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Vladislav Pokrovsky (ΞX.MI)

Vladislav Pokrovsky (ΞX.MI)

Organization: Independent AppSec Researcher

All Time Ranking

260

All Time Discoveries

About

AppSec // Bug Bounty // Legal Hacking

«When you lose fun and start doing things only for the payback, you're dead.» © Phrack #65

Showing 241-260 of 260 Vulnerabilities

Comment Press <= 2.7.1 - Cross-Frame Scripting

4.7

CVE ID Unknown

Oct 15, 2020

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

PeproDev CF7 Database <= 1.8.0 - Cross-Site Request Forgery

4.3

CVE-2023-41864

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Favicon <= 1.3.29 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-31422

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Multiple Themes by KlbTheme <= (Various Versions) - Cross-Site Request Forgery

4.3

CVE-2023-49838

Dec 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

NextGEN Gallery <= 3.37 - Cross-Site Request Forgery

4.3

CVE-2023-48328

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

wpDiscuz <= 7.6.11 - Cross-Site Request Forgery

4.3

CVE-2023-47775

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

FooGallery <= 2.2.44 - Cross-Site Request Forgery

4.3

CVE-2023-44233

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference

4.3

CVE-2023-49765

Aug 11, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Oxygen < 4.4 - Cross-Site Request Forgery

4.3

CVE-2022-46841

Jul 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated Arbitrary Options Update

4.3

CVE-2022-38104

Sep 29, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Popup Builder <= 4.1.0 - Cross-Site Request Forgery

4.3

CVE-2022-32289

Jun 17, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Private Messages For WordPress <= 2.1.10 - Cross-Site Request Forgery

4.3

CVE-2022-29441

May 26, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

eRoom – Zoom Meetings & Webinar <= 1.3.8 - Cross-Site Request Forgery

4.3

CVE-2022-25615

Apr 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

eRoom – Zoom Meetings & Webinar <= 1.3.7 - Cross-Site Request Forgery

4.3

CVE-2022-25614

Apr 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery

4.3

CVE-2022-27846

Apr 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

uListing <= 2.0.5 - Cross-Site Request Forgery leading to Settings Change

4.3

CVE-2021-36878

Jul 27, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Simple Event Planner plugin <= 1.5.4 - Cross-Site Scripting

4.1

CVE-2022-25612

Mar 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Countdown & Clock <= 2.3.2 - Pro Features Lock Bypass

3.8

CVE-2022-29423

Apr 28, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

WP YouTube Lyte <= 1.7.15 - Authenticated (Admin+) Cross-Site Scripting

3.8

CVE-2021-24419

May 3, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin) <= 1.6 - Cross-Site Scripting

3.4

CVE-2021-36889

Dec 17, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Comment Press <= 2.7.1 - Cross-Frame Scripting		4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N	October 15, 2020
PeproDev CF7 Database <= 1.8.0 - Cross-Site Request Forgery	CVE-2023-41864	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 16, 2024
Favicon <= 1.3.29 - Cross-Site Request Forgery to Notice Dismissal	CVE-2024-31422	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Multiple Themes by KlbTheme <= (Various Versions) - Cross-Site Request Forgery	CVE-2023-49838	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 7, 2023
NextGEN Gallery <= 3.37 - Cross-Site Request Forgery	CVE-2023-48328	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 23, 2023
wpDiscuz <= 7.6.11 - Cross-Site Request Forgery	CVE-2023-47775	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 14, 2023
FooGallery <= 2.2.44 - Cross-Site Request Forgery	CVE-2023-44233	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 29, 2023
Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference	CVE-2023-49765	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	August 11, 2023
Oxygen < 4.4 - Cross-Site Request Forgery	CVE-2022-46841	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 20, 2023
Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated Arbitrary Options Update	CVE-2022-38104	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	September 29, 2022
Popup Builder <= 4.1.0 - Cross-Site Request Forgery	CVE-2022-32289	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 17, 2022
Private Messages For WordPress <= 2.1.10 - Cross-Site Request Forgery	CVE-2022-29441	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 26, 2022
eRoom – Zoom Meetings & Webinar <= 1.3.8 - Cross-Site Request Forgery	CVE-2022-25615	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 11, 2022
eRoom – Zoom Meetings & Webinar <= 1.3.7 - Cross-Site Request Forgery	CVE-2022-25614	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 11, 2022
Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery	CVE-2022-27846	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 11, 2022
uListing <= 2.0.5 - Cross-Site Request Forgery leading to Settings Change	CVE-2021-36878	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 27, 2021
Simple Event Planner plugin <= 1.5.4 - Cross-Site Scripting	CVE-2022-25612	4.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N	March 23, 2022
Countdown & Clock <= 2.3.2 - Pro Features Lock Bypass	CVE-2022-29423	3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N	April 28, 2022
WP YouTube Lyte <= 1.7.15 - Authenticated (Admin+) Cross-Site Scripting	CVE-2021-24419	3.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N	May 3, 2021
tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin) <= 1.6 - Cross-Site Scripting	CVE-2021-36889	3.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N	December 17, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation