Chloe Chamberland

Organization: Wordfence

30
All Time Ranking
137
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

About

Threat Intelligence Lead @Wordfence

Masters of Cybersecurity and Information Assurance OSCP, OSWP, OSWE, CISSP, CEH, ECSA, Security+, CySA+, PenTest+, CASP+, SSCP, eWPT, eWPTx, AWS Security Speciality

When not breaking things, I enjoy coffee, travel, donuts, and nature.

Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 8, 2023

Showing 81-100 of 137 Vulnerabilities

Title CVE ID CVSS Vector Date
Ninja Forms <= 3.4.34 - Authenticated OAuth Connection Key Disclosure CVE-2021-24164 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N February 16, 2021
Ninja Forms Contact Form <= 3.4.33 - Cross-Site Request Forgery to OAuth Service Disconnection CVE-2021-24166 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L February 16, 2021
Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Setting Modification CVE-2021-24162 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H February 10, 2021
Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Arbitrary File Upload CVE-2021-24161 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H February 10, 2021
Responsive Menu 4.0 - 4.0.3 - Authenticated Arbitrary File Upload CVE-2021-24160 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H February 10, 2021
Contact Form 7 Style <= 3.1.9 Cross-Site Request Forgery CVE-2021-24159 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H February 4, 2021
Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated (Contributor+) Stored Cross Site Scripting CVE-2021-24157 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 12, 2021
NEX-Forms <= 7.7.1 - Missing Authorization on Various AJAX Actions CVE-2020-36670 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L November 27, 2020
Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated Privilege Escalation CVE-2021-24158 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H November 24, 2020
Ultimate Member <= 2.1.11 - Unauthenticated Privilege Escalation via User Roles CVE-2020-36157 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H November 9, 2020
Ultimate Member <= 2.1.11 - Unauthenticated Privilege Escalation via User Meta CVE-2020-36155 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H November 9, 2020
Ultimate Member <= 2.1.11 - Authenticated Privilege Escalation via Profile Update CVE-2020-36156 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H November 9, 2020
Child Theme Creator by Orbisius <= 1.5.1 - Cross-Site Request Forgery to Arbitrary File Modification and Creation CVE-2020-28649 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 14, 2020
WPBakery Page Builder for WordPress <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2020-28650 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 7, 2020
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin 4.2.1 - 4.2.12 - Unprotected AJAX Actions CVE-2020-35948 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 18, 2020
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 4.2.152 - Cross-Site Request Forgery CVE-2020-35950 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H August 18, 2020
Facebook Chat Plugin <= 1.5 - Missing Capabilities Check CVE-2020-36838 7.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L August 4, 2020
Quiz and Survey Master <= 7.0.0 - Unauthenticated Arbitrary File Deletion CVE-2020-35951 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H August 3, 2020
Elegant Themes (Multiple Versions) - Arbitrary File Upload CVE-2020-35945 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 3, 2020
Quiz and Survey Master <= 7.0.0 - Arbitrary File Upload CVE-2020-35949 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H August 3, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation