Wordfence Intelligence   >   Vulnerability Researchers   >   Erwan LR

Erwan LR

Organization: WPScan

38
All Time Ranking
128
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 1-20 of 128 Vulnerabilities

Easy Digital Downloads Google Sheet Connector <= 1.6.6 - Cross-Site Request Forgery to Access Code Update
4.3
CVE-2023-2334
Mar 2, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 3.59.8 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-10545
Feb 4, 2025
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Tour Master - Tour Booking, Travel, Hotel <= 5.3.4 - Reflected Cross-Site Scripting
6.1
CVE-2024-12400
Jan 9, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.10 - Reflected Cross-Site Scripting
6.1
CVE-2024-7354
Aug 12, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Ditty 3.1.39 - 3.1.45 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2024-6715
Aug 2, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WooCommerce Customers Manager <= 30.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
6.4
CVE-2024-1747
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Ultimate Classified Listings <= 1.3 - Reflected Cross-Site Scripting
6.1
CVE-2024-6529
Jul 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Float menu – awesome floating side menu <= 6.0 - Cross-Site Request Forgery to Menu Deletion
4.3
CVE-2024-2405
Apr 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WooCommerce Customers Manager <= 29.7 - Reflected Cross-Site Scripting
6.1
CVE-2024-1743
Apr 3, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
WooCommerce Customers Manager <= 29.7 - Missing Authorization to Information Exposure
4.3
CVE-2024-1756
Apr 2, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
coreActivity <= 2.0.1 - IP Spoofing
5.3
CVE-2024-0868
Mar 27, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
WooCommerce Cart Abandonment Recovery <= 1.2.26 - Cross-Site Request Forgery to Templates/Abandoned Orders Deletion
4.3
CVE-2024-2322
Mar 13, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Themify – WooCommerce Product Filter <= 1.4.3 - Cross-Site Request Forgery
4.3
CVE-2024-2262
Mar 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Themify – WooCommerce Product Filter <= 1.4.3 - Authenticated (Admin+) Stored Cross-Site Scripting
6.1
CVE-2024-2278
Mar 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Themify – WooCommerce Product Filter <= 1.4.3 - Reflected Cross-Site Scripting
6.1
CVE-2024-2263
Mar 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Pz-LinkCard <= 2.5.2 - Reflected Cross-Site Scripting
6.1
CVE-2024-0672
Mar 7, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Enjoy Social Feed plugin for WordPress website <= 6.2.2 - Missing Authorization to Database Reset
4.3
CVE-2024-0780
Feb 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Estatik Real Estate Plugin <= 4.1.0 - Reflected Cross-Site Scripting
6.1
CVE-2023-6050
Jan 25, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
MapPress Maps for WordPress <= 2.88.15 - Insufficient Authorization to Information Disclosure
5.3
CVE-2024-0421
Jan 17, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Product Enquiry for WooCommerce <= 3.1 - Reflected Cross-Site Scripting
6.1
CVE-2023-7151
Jan 15, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Easy Digital Downloads Google Sheet Connector <= 1.6.6 - Cross-Site Request Forgery to Access Code Update CVE-2023-2334 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N March 2, 2025
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 3.59.8 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-10545 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N February 4, 2025
Tour Master - Tour Booking, Travel, Hotel <= 5.3.4 - Reflected Cross-Site Scripting CVE-2024-12400 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 9, 2025
Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.10 - Reflected Cross-Site Scripting CVE-2024-7354 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 12, 2024
Ditty 3.1.39 - 3.1.45 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2024-6715 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 2, 2024
WooCommerce Customers Manager <= 30.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2024-1747 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 11, 2024
Ultimate Classified Listings <= 1.3 - Reflected Cross-Site Scripting CVE-2024-6529 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 11, 2024
Float menu – awesome floating side menu <= 6.0 - Cross-Site Request Forgery to Menu Deletion CVE-2024-2405 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 11, 2024
WooCommerce Customers Manager <= 29.7 - Reflected Cross-Site Scripting CVE-2024-1743 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 3, 2024
WooCommerce Customers Manager <= 29.7 - Missing Authorization to Information Exposure CVE-2024-1756 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N April 2, 2024
coreActivity <= 2.0.1 - IP Spoofing CVE-2024-0868 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N March 27, 2024
WooCommerce Cart Abandonment Recovery <= 1.2.26 - Cross-Site Request Forgery to Templates/Abandoned Orders Deletion CVE-2024-2322 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N March 13, 2024
Themify – WooCommerce Product Filter <= 1.4.3 - Cross-Site Request Forgery CVE-2024-2262 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N March 11, 2024
Themify – WooCommerce Product Filter <= 1.4.3 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2024-2278 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 11, 2024
Themify – WooCommerce Product Filter <= 1.4.3 - Reflected Cross-Site Scripting CVE-2024-2263 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 11, 2024
Pz-LinkCard <= 2.5.2 - Reflected Cross-Site Scripting CVE-2024-0672 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 7, 2024
Enjoy Social Feed plugin for WordPress website <= 6.2.2 - Missing Authorization to Database Reset CVE-2024-0780 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N February 20, 2024
Estatik Real Estate Plugin <= 4.1.0 - Reflected Cross-Site Scripting CVE-2023-6050 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 25, 2024
MapPress Maps for WordPress <= 2.88.15 - Insufficient Authorization to Information Disclosure CVE-2024-0421 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N January 17, 2024
Product Enquiry for WooCommerce <= 3.1 - Reflected Cross-Site Scripting CVE-2023-7151 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 15, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.