Jerome Bruandet

Organization: NinTechNet

18
All Time Ranking
212
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 1-20 of 212 Vulnerabilities

Title CVE ID CVSS Vector Date
Advanced Shipment Tracking for WooCommerce <= 3.2.6 - Authenticated WordPress Options Change CVE-2021-4347 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H July 26, 2021
Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload CVE-2021-4368 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H July 12, 2021
Controlled Admin Access < 1.5.6 - Privilege Escalation CVE-2021-4360 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H March 30, 2021
uListing <= 1.6.6 - Unauthenticated SQL Injection CVE-2021-4340 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 28, 2021
Pinterest Automatic <= 4.14.3 - Unuathenticated Arbitrary Options Update CVE-2021-4380 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H September 6, 2021
Kiwi Social Sharing 2.1.0 - 2.1.2 - Arbitrary Options Change CVE-2021-4362 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H June 4, 2021
uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX CVE-2021-4341 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 28, 2021
uListing <= 1.6.6 - Missing Authorization CVE-2021-4370 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 28, 2021
uListing <= 1.6.6 - Unauthenticated Arbitrary Account Changes CVE-2021-4346 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 28, 2021
uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route CVE-2021-4381 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 28, 2021
uListing <= 1.6.6 - Unauthenticated Arbitrary Account Creation CVE-2021-4343 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 28, 2021
Newsletter Manager <= 1.5.1 - Insecure Deserialization CVE-2020-36727 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 29, 2020
ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation CVE-2020-36719 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 17, 2020
Ultimate Reviews < 2.1.33 - PHP Object Injection CVE-2020-36726 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 10, 2020
GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection CVE-2020-36718 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 3, 2020
Epsilon Framework Themes (Various Versions) - Function Injection CVE-2020-36708 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 1, 2020
Simple:Press – WordPress Forum Plugin <= 6.6.0 - Arbitrary File Upload CVE-2020-36706 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H September 25, 2020
Quiz and Survey Master <= 7.0.1 - Arbitrary File Upload 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H August 29, 2020
Adning Advertising <= 1.5.5 - Arbitrary File Upload CVE-2020-36705 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H July 7, 2020
OneTone <= 3.0.6 & OneTone Companion <= 1.1.1 - Unauthenticated Settings Update CVE-2019-17230 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 3, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation