Jouko Pynnöne

137
All Time Ranking
22
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 1-20 of 22 Vulnerabilities

Title CVE ID CVSS Vector Date
OneLogin SAML-SSO Plugin < 2.1.6 - Authentication Bypass 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H June 6, 2016
WPML <= 3.1.9 - SQL Injection via lang Parameter CVE-2015-2314 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 10, 2015
Platform 4 <= 1.1.4 - Cross-Site Request Forgery CVE-2016-10945 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H November 23, 2016
Fluid Responsive Slideshow < 2.2.7 - Cross-Site Request Forgery CVE-2016-10974 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H May 18, 2016
Formidable Form Builder < 2.05.03 - SQL Injection 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N November 13, 2017
W3 Total Cache <= 0.9.4 - Server-Side Request Forgery leading to Host Information Disclosure 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N October 31, 2016
Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting CVE-2017-20192 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L November 13, 2017
OneLogin SAML SSO < 2.2.0 - Authentication Bypass CVE-2016-10928 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N January 21, 2016
WPML <= 3.1.9 - Arbitrary Deletion of Content CVE-2015-2791 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N March 10, 2015
Lazy Load < 0.6.1 - Authenticated Stored Cross-Site Scripting 7.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L July 20, 2016
MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting CVE-2016-15041 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 29, 2016
WordPress Core < 4.2.1 - Cross-Site Scripting via Comments CVE-2015-3440 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 27, 2015
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.3.3 - Cross-Site Scripting 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 20, 2015
MonsterInsights – Google Analytics Dashboard for WordPress <= 5.3.2 - Stored Cross-Site Scripting 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N March 19, 2015
WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name #2 CVE-2016-5833 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 18, 2016
WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name CVE-2016-5834 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 18, 2016
WordPress Core < 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2015-5622 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 23, 2015
Formidable Form Builder < 2.05.03 - Reflected Cross-Site Scripting 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N November 13, 2017
Fluid Responsive Slideshow < 2.2.7 - Reflected Cross-Site Scripting CVE-2016-10975 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 18, 2016
WPML < 3.1.9 - Cross-Site Scripting CVE-2015-2315 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 11, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation