Jerome Bruandet

Organization: NinTechNet

18
All Time Ranking
212
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 21-40 of 212 Vulnerabilities

Title CVE ID CVSS Vector Date
MStore API <= 2.1.5 - Authentication Bypass CVE-2020-36713 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 11, 2020
Wordable <= 3.1.1 - Authentication Bypass CVE-2020-36724 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 28, 2020
LMS by LifterLMS <= 3.35.0 - Stored Cross-Site Scripting via Import CVE-2019-15896 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H September 9, 2019
ND Restaurant Reservations <= 1.3 - Options Change CVE-2019-15819 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H August 9, 2019
User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload CVE-2019-25138 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 2, 2019
Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update CVE-2019-25141 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 17, 2019
Delete All Comments <= 2.0 - Arbitrary File Upload CVE-2016-15033 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 10, 2016
ND Booking <= 2.4 - Unauthenticated Arbitrary Options Update CVE-2019-15774 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H August 5, 2019
WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update CVE-2021-4374 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H September 6, 2021
uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion CVE-2021-4357 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H January 28, 2021
Ultimate FAQ <= 1.8.24 - Unauthenticated Options Import/Export CVE-2019-17232 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H September 20, 2019
Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download CVE-2021-4356 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H July 12, 2021
Deeper Comments <= 2.1.1 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Options Update 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 25, 2023
Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option CVE-2023-3124 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 28, 2023
Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation CVE-2022-4950 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 4, 2022
AdSanity < 1.8.2 - Authenticated Arbitrary File Upload CVE-2022-4949 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 25, 2022
WordPress Popular Posts <= 5.3.2 - Authenticated Arbitrary File Upload CVE-2021-42362 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 12, 2021
JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Arbitrary Options Update CVE-2021-4361 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 5, 2021
Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization CVE-2021-4337 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H September 7, 2021
PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload CVE-2021-4354 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H July 1, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation