Shreya Pohekar


Shreya Pohekar is a Security Researcher and Developer. She leads Null Bhopal and Infosecgirls bhopal chapter. She’s an active speaker in various infosec communities like Null, OWASP, Infosecgirls. She writes technical blogs at shreyapohekar.com. She has experience working in mobile and web dev, web security and linux administration. She is RHCSA Certified and holds pro-hacker badge on hackthebox.


Code Vigilant Disclosures


Status Component Name Vulnerability Version Disclosure Date CVE-Number
wp-plugin : wp-paytm-pay Injection 1.3.2 2021/07/23 CVE-2021-24554
wp-plugin : timeline-calendar Injection 1.2 2021/07/23 CVE-2021-24553
wp-plugin : simple-events-calendar Injection 1.4.0 2021/07/23 CVE-2021-24552
wp-plugin : project-status Cross Site Scripting ( X S S) 1.6 2021/07/23 CVE-2021-24558
wp-plugin : m-vslider Injection 2.1.3 2021/07/23 CVE-2021-24557
wp-plugin : email-subscriber Cross Site Scripting ( X S S) 1.1 2021/07/23 CVE-2021-24556
wp-plugin : edit-comments Injection 0.3 2021/07/23 CVE-2021-24551
wp-plugin : diary-availability-calendar Injection 1.0.3 2021/07/23 CVE-2021-24555
wp-plugin : broken-link-manager Injection 0.6.5 2021/07/23 CVE-2021-24550
wp-plugin : aceide Local File Inclusion 2.6.2 2021/07/23 CVE-2021-24549
wp-plugin : rsvpmaker S S R F 8.6.4 2021/06/29 CVE-2021-24371
wp-plugin : handsome-testimonials Injection 2.0.7 2021/06/29 CVE-2021-24492
wp-plugin : stock-in Cross Site Scripting ( X S S) 1.0.4 2021/05/27 CVE-2021-24346
wp-plugin : side-menu Injection 3.1.3 2021/05/27 CVE-2021-24348
wp-plugin : sendit Injection 2.5.1 2021/05/27 CVE-2021-24345
wp-plugin : flightlog Injection 3.0.2 2021/05/19 CVE-2021-24336
wp-plugin : giveasap Cross Site Scripting ( X S S) 2.35.0 2021/05/09 CVE-2021-24298
wp-plugin : cars-seller-auto-classifieds-script Injection 2.1.0 2021/04/26 CVE-2021-24285