Wordfence Intelligence   >   Vulnerability Researchers   >   LVT-tholv2k

LVT-tholv2k

19
All Time Ranking
185
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 121-140 of 185 Vulnerabilities

Portfolio Gallery – Image Gallery Plugin <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2024-29769
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Post Grid, Slider & Carousel Ultimate <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-29925
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
ReviewX <= 1.6.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-29812
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
StreamWeasels Twitch Integration <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-29766
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Travelers' Map <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-29909
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WC Builder <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-29926
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WishSuite <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-29927
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-29906
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Post Disclaimer <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-29761
Mar 25, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Tourfic <= 2.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-29134
Mar 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Automation By Autonami <= 2.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-2580
Mar 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Download Manager <= 3.2.84 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-29114
Mar 16, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-27989
Mar 15, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
The Moneytizer <= 9.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-27990
Mar 15, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WEN Responsive Columns <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2024-27988
Mar 15, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WP Social Widget <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
6.4
CVE-2024-27189
Feb 28, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
SoundCloud Shortcode <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
6.4
CVE-2024-25936
Feb 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Custom Field Template <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via $search_label
6.4
CVE-2024-25919
Feb 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Apollo13 Framework Extensions <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-24880
Feb 5, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Structured Content <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Classic Editor Shortcode
6.4
CVE-2024-24839
Feb 2, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Portfolio Gallery – Image Gallery Plugin <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-29769 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 25, 2024
Post Grid, Slider & Carousel Ultimate <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29925 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 25, 2024
ReviewX <= 1.6.22 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29812 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 25, 2024
StreamWeasels Twitch Integration <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29766 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 25, 2024
Travelers' Map <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29909 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 25, 2024
WC Builder <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29926 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 25, 2024
WishSuite <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29927 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 25, 2024
WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29906 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 25, 2024
WP Post Disclaimer <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29761 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 25, 2024
Tourfic <= 2.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29134 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 18, 2024
Automation By Autonami <= 2.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2580 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 18, 2024
Download Manager <= 3.2.84 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-29114 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 16, 2024
WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-27989 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 15, 2024
The Moneytizer <= 9.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-27990 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 15, 2024
WEN Responsive Columns <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-27988 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 15, 2024
WP Social Widget <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-27189 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 28, 2024
SoundCloud Shortcode <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2024-25936 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 26, 2024
Custom Field Template <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via $search_label CVE-2024-25919 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 14, 2024
Apollo13 Framework Extensions <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-24880 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 5, 2024
Structured Content <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Classic Editor Shortcode CVE-2024-24839 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 2, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation