James Hooker

62
All Time Ranking
53
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 1-20 of 53 Vulnerabilities

Title CVE ID CVSS Vector Date
NewStatPress < 1.0.6 - SQL Injection CVE-2015-9313 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H July 7, 2015
Pie Register 2.0.14-2.0.15 - SQL Injection 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 4, 2015
Registration Forms – User Profile, Custom Registration Form, Login Form, Invitation-Based Registrations for WordPress 2.0.14 - 2.0.15 - Authentication Bypass 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 4, 2015
rtMedia for WordPress, BuddyPress and bbPress < 3.7.40 - SQL Injection 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 28, 2015
WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 9, 2015
Store Locator < 3.34 - SQL Injection 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 9, 2015
Feed Them Social <= 1.6.9 - Arbitrary Shortcode Execution CVE-2015-9351 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H February 2, 2015
Store Locator 2.3 - 3.11 - SQL Injection CVE-2014-8621 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 5, 2014
Infusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload CVE-2014-6446 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 6, 2014
Gravity Upload Ajax <= 1.1 - Unrestricted File Upload CVE-2014-4972 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H August 1, 2014
Flash Uploader <= 3.1.2 - Arbitrary Command Execution CVE-2014-5014 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H July 18, 2014
Erident Custom Login and Dashboard <= 3.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2015-9322 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H June 18, 2015
Gallery Bank – WordPress Photo Gallery <= 3.0.101 - SQL Injection 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 21, 2015
Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.4.36 - SQL Injection 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 9, 2015
Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection CVE-2014-9442 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 22, 2014
MiwoFTP < 1.0.5 - Arbitrary File Download 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N April 14, 2015
Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 8.0.0 - Authorization Bypass 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H February 2, 2015
Custom Community 2.0 - 2.0.24 - Stored Cross-Site Scripting 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L March 9, 2015
Ultimate CSV Importer < 3.6.75 - Information Disclosure 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N February 22, 2015
Sell Downloads <= 1.0.1 - Arbitrary File Read CVE-2014-9511 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N December 29, 2014

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation