Chloe Chamberland

Organization: Wordfence

30
All Time Ranking
137
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

About

Threat Intelligence Lead @Wordfence

Masters of Cybersecurity and Information Assurance OSCP, OSWP, OSWE, CISSP, CEH, ECSA, Security+, CySA+, PenTest+, CASP+, SSCP, eWPT, eWPTx, AWS Security Speciality

When not breaking things, I enjoy coffee, travel, donuts, and nature.

Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 8, 2023

Showing 101-120 of 137 Vulnerabilities

Title CVE ID CVSS Vector Date
JetBackup – WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location Change CVE-2020-36667 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N July 30, 2020
JetBackup – WP Backup, Migrate & Restore <= 1.4.0 - Sensitive Information Disclosure CVE-2020-36668 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N July 30, 2020
All in One SEO Pack <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2020-35946 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 16, 2020
JetBackup – WP Backup, Migrate & Restore <= 1.3.9 - Cross-Site Request Forgery to Arbitrary File Upload CVE-2020-36669 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H July 16, 2020
Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Cross-Site Request Forgery to Cross-Site Scripting CVE-2020-35944 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H May 28, 2020
Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Missing Authorization to Cross-Site Scripting CVE-2020-35947 7.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L May 28, 2020
Site Kit by Google <= 1.7.1 - Sensitive Information Disclosure CVE-2020-8934 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N May 21, 2020
Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting CVE-2020-13643 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H May 11, 2020
Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2020-13126 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H May 6, 2020
Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting CVE-2020-13642 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H May 5, 2020
Real-Time Find and Replace <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2020-13641 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H April 27, 2020
Data Tables Generator by Supsystic <= 1.9.91 - Cross-Site Request Forgery CVE-2020-12076 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H March 24, 2020
Data Tables Generator by Supsystic <= 1.9.91 - Missing Authorization on AJAX Actions CVE-2020-12075 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L March 23, 2020
Accordion <= 2.2.8 - Unprotected AJAX Action to Stored/Reflected Cross-Site Scripting CVE-2020-13644 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 18, 2020
WebToffee Plugins <= (Various Versions) - Arbitrary User Creation CVE-2020-12074 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 11, 2020
Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import CVE-2020-12074 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N March 11, 2020
ThemeREX Addons (Various Versions) - Missing Authorization CVE-2020-10257 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 9, 2020
Responsive Ready Sites Importer <= 2.2.6 - Unprotected AJAX Actions CVE-2020-12073 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L March 4, 2020
Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes CVE-2020-9394 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H February 25, 2020
Pricing Table by Supsystic <= 1.8.1 - Unauthenticated Stored Cross-Site Scripting CVE-2020-9393 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N February 25, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation