🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > Mallory Adams

Mallory Adams

All Time Ranking

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Showing 21-40 of 56 Vulnerabilities

7.1

CVE-2014-6312

Sep 17, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Quick Page/Post Redirect Plugin < 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

7.1

CVE-2014-2598

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Unconfirmed < 1.2.5 - Reflected Cross-Site Scripting

7.1

CVE-2014-100018

Apr 11, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Embed Plus Plugin for YouTube <= 11.8.1 - Cross-Site Request Forgery

6.5

CVE-2017-1000224

Jul 25, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Salutation < 3.0.16 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2017-1000227

Jul 31, 2017

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Salutation Responsive WordPress Theme < 3.0.16 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2017-1000227

Jul 31, 2017

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Advanced Custom Fields: Table Field < 1.1.13 - Authenticated Stored Cross-Site Scripting

6.4

CVE ID Unknown

Jul 13, 2016

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

iFrame <= 4.0 - Stored Cross-Site Scripting

6.4

CVE-2015-6738

Aug 10, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Plotly < 1.0.3 - Stored Cross-Site Scripting

6.4

CVE-2015-5484

Jul 13, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Plotly <= 1.0.2 - Stored Cross-Site Scripting

6.4

CVE-2015-9347

Jul 13, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

BP Group Documents <= 1.2.1 - Stored Cross-Site Scripting

6.4

CVE ID Unknown

Oct 4, 2013

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Twitget < 3.3.3 - Cross-Site Request Forgery

6.3

CVE-2014-2559

Apr 8, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Tooltipy (tooltips for WP) <= 5.0 - Reflected Cross-Site Scripting

6.1

CVE-2018-1000512

Jun 12, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Content Audit <= 1.9.1 - Cross-Site Request Forgery to Cross-Site Scripting

6.1

CVE-2017-18560

Sep 26, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Firewall 2 <= 1.3 - Stored Cross-Site Scripting

6.1

CVE ID Unknown

Apr 5, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Relevanssi – A Better Search <= 3.5.7.1 - Stored Cross-Site Scripting

6.1

CVE-2017-1000038

Feb 28, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Grow Social <= 1.2.5 - Reflected Cross-Site Scripting

6.1

CVE-2016-10736

Dec 9, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

iFrame <= 3.0 - Reflected Cross-Site Scripting

6.1

CVE-2015-6738

Aug 11, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Flickr Justified Gallery < 3.4.0 - Reflected Cross-Site Scripting

6.1

CVE-2015-9327

Jul 28, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The Events Calendar: Eventbrite Tickets < 3.10.2 - Cross-Site Scripting

6.1

CVE-2015-5485

Jul 13, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Login Widget With Shortcode < 3.2.1 - Cross-Site Scripting	CVE-2014-6312	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	September 17, 2014
Quick Page/Post Redirect Plugin < 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2014-2598	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	August 1, 2014
Unconfirmed < 1.2.5 - Reflected Cross-Site Scripting	CVE-2014-100018	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	April 11, 2014
Embed Plus Plugin for YouTube <= 11.8.1 - Cross-Site Request Forgery	CVE-2017-1000224	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	July 25, 2017
Salutation < 3.0.16 - Authenticated Stored Cross-Site Scripting	CVE-2017-1000227	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 31, 2017
Salutation Responsive WordPress Theme < 3.0.16 - Authenticated Stored Cross-Site Scripting	CVE-2017-1000227	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 31, 2017
Advanced Custom Fields: Table Field < 1.1.13 - Authenticated Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 13, 2016
iFrame <= 4.0 - Stored Cross-Site Scripting	CVE-2015-6738	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	August 10, 2015
Plotly < 1.0.3 - Stored Cross-Site Scripting	CVE-2015-5484	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 13, 2015
Plotly <= 1.0.2 - Stored Cross-Site Scripting	CVE-2015-9347	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 13, 2015
BP Group Documents <= 1.2.1 - Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 4, 2013
Twitget < 3.3.3 - Cross-Site Request Forgery	CVE-2014-2559	6.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L	April 8, 2014
Tooltipy (tooltips for WP) <= 5.0 - Reflected Cross-Site Scripting	CVE-2018-1000512	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 12, 2018
Content Audit <= 1.9.1 - Cross-Site Request Forgery to Cross-Site Scripting	CVE-2017-18560	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 26, 2017
WordPress Firewall 2 <= 1.3 - Stored Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 5, 2017
Relevanssi – A Better Search <= 3.5.7.1 - Stored Cross-Site Scripting	CVE-2017-1000038	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 28, 2017
Grow Social <= 1.2.5 - Reflected Cross-Site Scripting	CVE-2016-10736	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 9, 2016
iFrame <= 3.0 - Reflected Cross-Site Scripting	CVE-2015-6738	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 11, 2015
Flickr Justified Gallery < 3.4.0 - Reflected Cross-Site Scripting	CVE-2015-9327	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 28, 2015
The Events Calendar: Eventbrite Tickets < 3.10.2 - Cross-Site Scripting	CVE-2015-5485	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 13, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation