🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Vladislav Pokrovsky (ΞX.MI)

Vladislav Pokrovsky (ΞX.MI)

Organization: Independent AppSec Researcher

All Time Ranking

260

All Time Discoveries

About

AppSec // Bug Bounty // Legal Hacking

«When you lose fun and start doing things only for the payback, you're dead.» © Phrack #65

Showing 41-60 of 260 Vulnerabilities

CarSpot – Dealership Wordpress Classified Theme <= 2.2.3 - Insecure Direct Object Reference

7.5

CVE ID Unknown

Jan 27, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CTHthemes CityBook < 2.3.4, TownHub < 1.0.6, EasyBook < 1.2.2 Themes - Authenticated Post Deleition via IDOR

7.5

CVE-2019-20209

Dec 27, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Extensions For CF7 <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-29102

Mar 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

wpDiscuz <= 7.6.11 - Unauthenticated Stored Cross-Site Scripting via Comment Uploaded Image Filename

7.2

CVE-2023-47185

Oct 31, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-45071

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

FooGallery <= 2.2.44 - Reflected Cross-Site Scripting

7.2

CVE-2023-44244

Sep 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

PeproDev CF7 Database <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting via form submission

7.2

CVE-2023-41863

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting

7.2

CVE-2023-4719

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Real Estate 7 Theme <= 3.3.1 - Stored Cross-Site Scripting

7.2

CVE-2022-47146

Feb 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Monolit <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-25041

Feb 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Image Hover Effects Ultimate <= 9.7.1 - Authenticated (Admin+) Arbitrary Options Update

7.2

CVE-2022-42459

Oct 25, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Quiz And Survey Master <= 7.3.4 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2021-36898

Oct 21, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

7.2

CVE-2022-40215

Sep 22, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Awesome Support <= 6.0.7 - Authenticated Stored Cross-Site Scripting

7.2

CVE-2022-38073

Sep 14, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2022-40217

Aug 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tabs – Responsive Tabs with WooCommerce Product Tab Extension <= 3.6.0 - Authenticated (Admin+) Arbitrary Options Update

7.2

CVE-2022-36375

Jul 26, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Flipbox – Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update

7.2

CVE-2022-33969

Jul 25, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.1.2 - Authenticated Arbitrary Options Update

7.2

CVE-2022-33970

Jul 25, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Speed Booster Pack PageSpeed Optimization Suite <= 4.1.9. - Authenticated (Admin+) Remote Code Execution

7.2

CVE-2021-24430

Jul 5, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Super Cache <= 1.7.1 - Authenticated (Admin+) Remote Code Execution

7.2

CVE-2021-24209

Mar 16, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
CarSpot – Dealership Wordpress Classified Theme <= 2.2.3 - Insecure Direct Object Reference		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	January 27, 2020
CTHthemes CityBook < 2.3.4, TownHub < 1.0.6, EasyBook < 1.2.2 Themes - Authenticated Post Deleition via IDOR	CVE-2019-20209	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	December 27, 2019
Extensions For CF7 <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-29102	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 15, 2024
wpDiscuz <= 7.6.11 - Unauthenticated Stored Cross-Site Scripting via Comment Uploaded Image Filename	CVE-2023-47185	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	October 31, 2023
Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-45071	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	October 3, 2023
FooGallery <= 2.2.44 - Reflected Cross-Site Scripting	CVE-2023-44244	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 29, 2023
PeproDev CF7 Database <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting via form submission	CVE-2023-41863	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting	CVE-2023-4719	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Real Estate 7 Theme <= 3.3.1 - Stored Cross-Site Scripting	CVE-2022-47146	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	February 20, 2023
Monolit <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-25041	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	February 6, 2023
Image Hover Effects Ultimate <= 9.7.1 - Authenticated (Admin+) Arbitrary Options Update	CVE-2022-42459	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 25, 2022
Quiz And Survey Master <= 7.3.4 - Authenticated (Administrator+) SQL Injection	CVE-2021-36898	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 21, 2022
Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-40215	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 22, 2022
Awesome Support <= 6.0.7 - Authenticated Stored Cross-Site Scripting	CVE-2022-38073	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 14, 2022
WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2022-40217	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	August 9, 2022
Tabs – Responsive Tabs with WooCommerce Product Tab Extension <= 3.6.0 - Authenticated (Admin+) Arbitrary Options Update	CVE-2022-36375	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 26, 2022
Flipbox – Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update	CVE-2022-33969	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 25, 2022
Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.1.2 - Authenticated Arbitrary Options Update	CVE-2022-33970	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 25, 2022
Speed Booster Pack PageSpeed Optimization Suite <= 4.1.9. - Authenticated (Admin+) Remote Code Execution	CVE-2021-24430	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	July 5, 2021
WP Super Cache <= 1.7.1 - Authenticated (Admin+) Remote Code Execution	CVE-2021-24209	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 16, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation