Prajal Kulkarni


Prajal Kulkarni is a security researcher and an active member of the Null Security Community, with 3.5 years of experience. His areas of interest include web and mobile application security. He also writes a security blog at www.prajalkulkarni.com. In the past he has disclosed several vulnerabilities in core components of GLPI, BugGenie, ownCloud, etc.


Code Vigilant Disclosures


| Component Name | Vulnerability | Version | Disclosure Date | CVE-Number |
|---|---|---|---|---|
| wp-plugin : all-in-one-social-lite | SSRF | 1 | 2014/05/28 | Not Assigned |
| wp-plugin : flog | SSRF | 1.0beta3 | 2014/05/28 | Not Assigned |
| wp-plugin : keyword-strategy-internal-links | Cross Site Scripting (XSS) | 2 | 2014/05/28 | CVE-2014-4537 |
| wp-plugin : wp-social-invitations | Cross Site Scripting (XSS) | 1.4.4.2 | 2014/05/28 | CVE-2014-4597 |
| wp-plugin : easy-career-openings | Cross Site Scripting (XSS) | 0.4 | 2014/05/28 | CVE-2014-4523 |
| wp-plugin : conversador | Cross Site Scripting (XSS) | 2.61 | 2014/05/28 | CVE-2014-4519 |
| wp-plugin : bic-media | Cross Site Scripting (XSS) | 1 | 2014/05/28 | CVE-2014-4516 |
| wp-plugin : anyfont | Cross Site Scripting (XSS) | 2.2.3 | 2014/05/28 | CVE-2014-4515 |
| wp-plugin : your-text-manager | Cross Site Scripting (XSS) | 0.3.0 | 2014/05/28 | CVE-2014-4604 |
| wp-plugin : webengage | Cross Site Scripting (XSS) | 2.0.0 | 2014/05/28 | CVE-2014-4574 |
| wp-plugin : swipe-hq-checkout-for-jigoshop | Cross Site Scripting (XSS) | 3.1.0 | 2014/05/28 | CVE-2014-4557 |
| wp-plugin : rezgo | Cross Site Scripting (XSS) | 1.4.2 | 2014/05/28 | CVE-2014-4546 |
| wp-plugin : fbpromotions | Cross Site Scripting (XSS) | 1.3.4 | 2014/05/28 | CVE-2014-4528 |
| wp-plugin : easy-post-types | Cross Site Scripting (XSS) | 1.4.3 | 2014/05/28 | CVE-2014-4524 |
| wp-plugin : rezgo-online-booking | Cross Site Scripting (XSS) | 1.8 | 2014/05/28 | CVE-2014-4547 |
| wp-plugin : efence | Cross Site Scripting (XSS) | 1.3.2 | 2014/05/28 | CVE-2014-4526 |
| wp-plugin : oleggo-livestream | Cross Site Scripting (XSS) | 0.2.6 | 2014/05/28 | CVE-2014-4540 |
| wp-plugin : dmca-watermarker | Cross Site Scripting (XSS) | 1 | 2014/05/28 | CVE-2014-4520 |
| wp-plugin : alipay | Cross Site Scripting (XSS) | 3.6.0 | 2014/05/28 | CVE-2014-4514 |
| wp-plugin : swipehq-payment-gateway-woocommerce | Cross Site Scripting (XSS) | 2.7.1 | 2014/05/28 | CVE-2014-4558 |
| wp-plugin : ss-downloads | Cross Site Scripting (XSS) | 1.4.41 | 2014/05/28 | Not Assigned |
| wp-plugin : omfg-mobile | Cross Site Scripting (XSS) | 1.1.26 | 2014/05/28 | CVE-2014-4541 |
| wp-plugin : malware-finder | Cross Site Scripting (XSS) | 1.1 | 2014/05/28 | CVE-2014-4538 |
| wp-plugin : envialosimple-email-marketing-y-newsletters-gratis | Cross Site Scripting (XSS) | 1.97 | 2014/05/28 | CVE-2014-4527 |
| wp-plugin : activehelper-livehelp | Cross Site Scripting (XSS) | 3.1.0 | 2014/05/28 | CVE-2014-4513 |
| wp-plugin : jrss-widget | SSRF | 1.2 | 2014/05/28 | Not Assigned |
| wp-plugin : zeenshare | Cross Site Scripting (XSS) | 1.0.1 | 2014/05/25 | CVE-2014-4606 |
| wp-plugin : youtubefreedown | Components With Known Vulnerabilities | 1 | 2014/05/25 | Not Assigned |
| wp-plugin : wpsnapapp | Cross Site Scripting (XSS) | 1.5 | 2014/05/25 | CVE-2014-4596 |
| wp-plugin : wppm | Cross Site Scripting (XSS) | 1.6.4.b | 2014/05/25 | CVE-2014-4593 |
| wp-plugin : wphotfiles | Cross Site Scripting (XSS) | 1 | 2014/05/25 | CVE-2014-4588 |
| wp-plugin : wp-ultimate-email-marketer | Cross Site Scripting (XSS) | 1.1.0 | 2014/05/25 | CVE-2014-4600 |
| wp-plugin : wp-ttisbdir | Cross Site Scripting (XSS) | 1.0.2 | 2014/05/25 | CVE-2014-4599 |
| wp-plugin : wp-royal-gallery | Components With Known Vulnerabilities | 2 | 2014/05/25 | Not Assigned |
| wp-plugin : wp-planet | Cross Site Scripting (XSS) | 0.1 | 2014/05/25 | CVE-2014-4592 |
| wp-plugin : wp-media-player | Cross Site Scripting (XSS) | 0.8 | 2014/05/25 | CVE-2014-4589 |
| wp-plugin : wp-lightpop | Components With Known Vulnerabilities | 0.8.5.6 | 2014/05/25 | Not Assigned |
| wp-plugin : wp-easybooking | Cross Site Scripting (XSS) | 1.0.3 | 2014/05/25 | CVE-2014-4584 |
| wp-plugin : wp-contact-sidebar-widget | Cross Site Scripting (XSS) | 1 | 2014/05/25 | CVE-2014-4583 |
| wp-plugin : wordpress-social-login | Cross Site Scripting (XSS) | 2.0.3 | 2014/05/25 | CVE-2014-4576 |
| wp-plugin : votecount-for-balatarin | Cross Site Scripting (XSS) | 0.1.1 | 2014/05/25 | CVE-2014-4572 |
| wp-plugin : verweise-wordpress-twitter | Cross Site Scripting (XSS) | 1.0.2 | 2014/05/25 | CVE-2014-4566 |
| wp-plugin : validated | Cross Site Scripting (XSS) | 1.0.2 | 2014/05/25 | CVE-2014-4564 |
| wp-plugin : url-cloak-encrypt | Cross Site Scripting (XSS) | 2 | 2014/05/25 | CVE-2014-4563 |
| wp-plugin : ultimate-weather-plugin | Cross Site Scripting (XSS) | 1 | 2014/05/25 | CVE-2014-4561 |
| wp-plugin : toolpage | Cross Site Scripting (XSS) | 1.6.1 | 2014/05/25 | CVE-2014-4560 |
| wp-plugin : swipehq-payment-gateway-wp-e-commerce | Cross Site Scripting (XSS) | 3.1.0 | 2014/05/25 | CVE-2014-4559 |
| wp-plugin : swipe-hq-checkout-for-eshop | | 3.7 | 2014/05/25 | CVE-2014-4556 |
| wp-plugin : style-it | Cross Site Scripting (XSS) | 1 | 2014/05/25 | CVE-2014-4555 |
| wp-plugin : spreadshirt-rss-3d-cube-flash-gallery | Cross Site Scripting (XSS) | | 2014/05/25 | CVE-2014-4553 |
| wp-plugin : spotlightyour | Cross Site Scripting (XSS) | 4.7 | 2014/05/25 | CVE-2014-4552 |
| wp-plugin : soundslides | Components With Known Vulnerabilities | | 2014/05/25 | Not Assigned |
| wp-plugin : social-connect | Cross Site Scripting (XSS) | 1.0.4 | 2014/05/25 | CVE-2014-4551 |
| wp-plugin : so-audible | Components With Known Vulnerabilities | | 2014/05/25 | Not Assigned |
| wp-plugin : simple-flash-video | Components With Known Vulnerabilities | 1.7 | 2014/05/25 | Not Assigned |
| wp-plugin : shortcode-ninja | Cross Site Scripting (XSS) | 1.4 | 2014/05/25 | CVE-2014-4550 |
| wp-plugin : secure-html5-video-player | Components With Known Vulnerabilities | 3.3 | 2014/05/25 | Not Assigned |
| wp-plugin : sagepay-direct-for-woocommerce-payment-gateway | Cross Site Scripting (XSS) | 0.1.6.7 - 20140128 | 2014/05/25 | CVE-2014-4549 |
| wp-plugin : s3audible-amazon-s3-music-player | Components With Known Vulnerabilities | | 2014/05/25 | Not Assigned |
| wp-plugin : qiniu-uploader | Components With Known Vulnerabilities | 0.1 | 2014/05/25 | Not Assigned |
| wp-plugin : proquoter | Cross Site Scripting (XSS) | 1 | 2014/05/25 | CVE-2014-4545 |
| wp-plugin : podcasting | Components With Known Vulnerabilities | 3.0.8 | 2014/05/25 | Not Assigned |
| wp-plugin : podcast-channels | Cross Site Scripting (XSS) | 0.2.0 | 2014/05/25 | CVE-2014-4544 |
| wp-plugin : pb-embedflash | Components With Known Vulnerabilities | 1.5.1 | 2014/05/25 | Not Assigned |
| wp-plugin : pay-per-media-player | Cross Site Scripting (XSS) | 1.24 | 2014/05/25 | CVE-2014-4543 |
| wp-plugin : ooorl | Cross Site Scripting (XSS) | | 2014/05/25 | CVE-2014-4542 |
| wp-plugin : movies | Cross Site Scripting (XSS) | 0.6 | 2014/05/25 | CVE-2014-4539 |
| wp-plugin : microaudio | Components With Known Vulnerabilities | 0.6.2 | 2014/05/25 | Not Assigned |
| wp-plugin : mc2-custom-help-videos | Components With Known Vulnerabilities | | 2014/05/25 | Not Assigned |
| wp-plugin : link2player | Components With Known Vulnerabilities | | 2014/05/25 | Not Assigned |
| wp-plugin : kindeditor-for-wordpress | | 1.3.3 | 2014/05/25 | Not Assigned |
| wp-plugin : infusionsoft | Cross Site Scripting (XSS) | 1.5.7 | 2014/05/25 | CVE-2014-4536 |
| wp-plugin : import-legacy-media | Cross Site Scripting (XSS) | 0.1 | 2014/05/25 | CVE-2014-4535 |
| wp-plugin : html5-video-player-with-playlist | Cross Site Scripting (XSS) | 2.4.0 | 2014/05/25 | CVE-2014-4534 |
| wp-plugin : html5-lyrics-karaoke-player | Components With Known Vulnerabilities | <1.07 | 2014/05/25 | Not Assigned |
| wp-plugin : html5-jquery-audio-player | Components With Known Vulnerabilities | | 2014/05/25 | Not Assigned |
| wp-plugin : grand-media | Components With Known Vulnerabilities | | 2014/05/25 | Not Assigned |
| wp-plugin : global-flash-galleries | Components With Known Vulnerabilities | 0.13.4 | 2014/05/25 | Not Assigned |
| wp-plugin : geo-redirector | Cross Site Scripting (XSS) | 1.0.1 | 2014/05/25 | CVE-2014-4533 |
| wp-plugin : gdeslon-affiliate-shop | Unvalidated Redirects and Forwards | 2 | 2014/05/25 | Not Assigned |
| wp-plugin : gdeslon-affiliate-shop | | 2 | 2014/05/25 | Not Assigned |
| wp-plugin : garagesale | Cross Site Scripting (XSS) | 1.2.2 | 2014/05/25 | CVE-2014-4532 |
| wp-plugin : game-tabs | Cross Site Scripting (XSS) | 0.4.0 | 2014/05/25 | CVE-2014-4531 |
| wp-plugin : foliopress-wysiwyg | Components With Known Vulnerabilities | 2.6.8.5 | 2014/05/25 | Not Assigned |
| wp-plugin : flash-photo-gallery | Cross Site Scripting (XSS) | 0.7 | 2014/05/25 | CVE-2014-4529 |
| wp-plugin : ebay-feeds-for-wordpress | Cross Site Scripting (XSS) | 1.1 | 2014/05/25 | CVE-2014-4525 |
| wp-plugin : dssearchagent-wordpress-edition | Cross Site Scripting (XSS) | 1.0-beta10 | 2014/05/25 | CVE-2014-4522 |
| wp-plugin : dsidxpress | Cross Site Scripting (XSS) | 2.1.0 | 2014/05/25 | CVE-2014-4521 |
| wp-plugin : cbi-referral-manager | Cross Site Scripting (XSS) | 1.2.1 | 2014/05/25 | CVE-2014-4517 |
| wp-plugin : bookshelf | Components With Known Vulnerabilities | 2 | 2014/05/25 | Not Assigned |
| wp-plugin : audio | Components With Known Vulnerabilities | | 2014/05/25 | Not Assigned |
| wp-plugin : flog – A3-Cross-Site Scripting (XSS) | Cross Site Scripting (XSS) | [0.1] | 2014/04/25 | CVE-2014-4530 |
| wp-plugin : contactme | Cross Site Scripting (XSS) | 2.3 | | CVE-2014-4518 |