Vladislav Pokrovsky (ΞX.MI)

Organization: Independent AppSec Researcher

All Time Ranking: 6
All Time Discoveries: 260

About

AppSec // Bug Bounty // Legal Hacking

«When you lose fun and start doing things only for the payback, you're dead.» © Phrack #65

Showing 61-80 of 260 Vulnerabilities

| Title | CVE ID | CVSS | Vector | Date |
|---|---|---|---|---|
| Web Instant Messenger <= 1.1.2 and LocalWeb In One <= 1.6.4 - Stored Cross-Site Scripting | | 7.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | October 12, 2020 |
| Careerfy <= 4.0.0 - Cross-Site Scripting | | 7.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | July 5, 2020 |
| CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting | CVE-2019-20211 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | December 27, 2019 |
| CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting | CVE-2019-20212 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | December 27, 2019 |
| Live Chat Unlimited <= 2.8.3 - Stored Cross-Site Scripting | | 7.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | June 26, 2019 |
| Intelligent WordPress Live Chat Support Plugin \| Utilities <= 1.0.4 - Stored Cross-Site Scripting | | 7.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | June 25, 2019 |
| uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) | CVE-2021-36874 | 7.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L | July 27, 2021 |
| Careerfy <= 4.3.0 - Reflected Cross-Site Scripting | | 7.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L | July 22, 2020 |
| Golo - City Travel Guide WordPress Theme < 1.3.3 - Reflected Cross-Site Scripting | | 7.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L | July 11, 2020 |
| CareerUp < 2.3.1 - Reflected Cross-Site Scripting | CVE-2022-1167 | 7.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L | July 3, 2020 |
| Findgo <= 1.3.31 - Cross-Site Scripting | | 7.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L | June 17, 2020 |
| YITH Maintenance Mode <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting | CVE-2021-36845 | 6.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N | September 23, 2021 |
| Download Monitor <= 4.4.6 - Authenticated (Admin+) Arbitrary File Download | CVE-2021-31567 | 6.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | October 29, 2021 |
| Database for CF7 <= 1.2.4 - Missing Authorization via wpcf7db_delete AJAX action | CVE-2023-49167 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | November 29, 2023 |
| Chat Bubble <= 2.3 - Cross-Site Request Forgery via cbb_submit_settings_data | CVE-2023-48769 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | November 28, 2023 |
| WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection | CVE-2023-25790 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | March 1, 2023 |
| Woodmart <= 7.1.1 - Cross-Site Request Forgery to License Update | CVE-2023-32500 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | March 1, 2023 |
| Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery | CVE-2021-36886 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | November 12, 2021 |
| Listing, Classified Ads & Business Directory – uListing <= 2.0.5 - Cross-Site Request Forgery | CVE-2021-36877 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N | July 27, 2021 |
| Listeo - Directory & Listings With Booking - WordPress Theme < 1.6.11 - Insecure Direct Object Reference | CVE-2021-24318 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | May 16, 2021 |
