Julien Ahrens

177
All Time Ranking
16
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

16 Vulnerabilities

Title CVE ID CVSS Vector Date
Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection CVE-2022-3861 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 18, 2022
Becustom <= 1.0.5.2 - Cross-Site Request Forgery CVE-2022-3747 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H November 14, 2022
Transposh WordPress Translation <= 1.0.8.1 - Cross-Site Request Forgery CVE-2021-24912 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H July 22, 2022
SlickQuiz <= 1.3.7.1 - Authenticated SQL Injection CVE-2019-12516 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H September 10, 2019
Transposh WordPress Translation <= 1.0.8.1 - Authorization Bypass CVE-2022-2536 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N November 14, 2022
Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion CVE-2023-0291 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L February 15, 2023
Transposh WordPress Translation <= 1.0.8.1 - Remote Code Execution CVE-2022-25812 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H July 22, 2022
Transposh WordPress Translation <= 1.0.8.1 - Authenticated (Admin+) SQL Injection via 'tp_editor' CVE-2022-25811 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H July 22, 2022
Transposh WordPress Translation <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting via 'tp_translation' CVE-2021-24911 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N July 22, 2022
Transposh WordPress Translation <= 1.0.8.1 - Missing Authorization Checks CVE-2022-25810 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L July 22, 2022
Transposh WordPress Translation <= 1.0.7 - Reflected Cross-Site Scripting via tp_tp CVE-2021-24910 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 22, 2022
SlickQuiz <= 1.3.7.1 - Stored Cross-Site Scripting CVE-2019-12517 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 10, 2019
Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion CVE-2023-0292 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L February 8, 2023
Transposh WordPress Translation <= 1.0.8.1 - Unauthorized Settings Change CVE-2022-2461 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N July 18, 2022
Transposh WordPress Translation <= 1.0.8.1 - Sensitive Information Disclosure CVE-2022-2462 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N July 18, 2022
User Meta – User Profile Builder and User management plugin <= 2.4.3 - Path Traversal CVE-2022-0779 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N May 16, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation