Chloe Chamberland

Organization: Wordfence

All Time Ranking: 30
All Time Discoveries: 137
90 Day Published Submissions: 0
Last Published Submission: N/A

About

Threat Intelligence Lead @Wordfence

Masters of Cybersecurity and Information Assurance OSCP, OSWP, OSWE, CISSP, CEH, ECSA, Security+, CySA+, PenTest+, CASP+, SSCP, eWPT, eWPTx, AWS Security Speciality

When not breaking things, I enjoy coffee, travel, donuts, and nature.

Wordfence Vulnerability Researcher
November 8, 2023

Showing 121-137 of 137 Vulnerabilities

| Title | CVE ID | CVSS | Vector | Date |
|---|---|---|---|---|
| Email Subscribers & Newsletters <= 4.2.2 - Unauthenticated File Download w/ Information Disclosure | CVE-2019-19985 | 5.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N | November 13, 2019 |
| JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update | CVE-2023-0086 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L | January 4, 2023 |
| Ninja Forms Contact Form <= 3.4.33 - Cross-Site Request Forgery to OAuth Service Disconnection | CVE-2021-24166 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L | February 16, 2021 |
| JetBackup – WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location Change | CVE-2020-36667 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | July 30, 2020 |
| Minimal Coming Soon & Maintenance Mode <= 2.16 - Missing Authorization to Export Settings/Theme Change | CVE-2020-6166 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | January 8, 2020 |
| Email Subscribers & Newsletters <= 4.2.2 - Cross-Site Request Forgery on Settings | CVE-2019-19981 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L | November 13, 2019 |
| Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function | CVE-2023-3977 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | July 27, 2023 |
| Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function | CVE-2023-0958 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | July 27, 2023 |
| Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure | CVE-2022-4932 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | February 24, 2022 |
| Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Wildcard Activation and Retrieval | CVE-2021-24355 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | May 26, 2021 |
| Redirection for Contact Form 7 <= 2.3.3 - Authenticated Arbitrary Post Deletion | CVE-2021-24281 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | April 20, 2021 |
| Ninja Forms <= 3.4.34 - Authenticated OAuth Connection Key Disclosure | CVE-2021-24164 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | February 16, 2021 |
| JetBackup – WP Backup, Migrate & Restore <= 1.4.0 - Sensitive Information Disclosure | CVE-2020-36668 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | July 30, 2020 |
| Site Kit by Google <= 1.7.1 - Sensitive Information Disclosure | CVE-2020-8934 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | May 21, 2020 |
| Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import | CVE-2020-12074 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | March 11, 2020 |
| Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization to Test Email | CVE-2019-19980 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | November 13, 2019 |
| Fast Velocity Minify <= 2.7.6 - Full Path Disclosure | CVE-2019-19983 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | October 16, 2019 |
