Marc-Alexandre Montpas

64
All Time Ranking
50
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 21-40 of 50 Vulnerabilities

Title CVE ID CVSS Vector Date
WP Fastest Cache < 0.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2021-24870 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 14, 2021
WP Fastest Cache < 0.9.5 - Authenticated (Subscriber+) SQL Injection CVE-2021-24869 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 14, 2021
WOOCS – Currency Switcher for WooCommerce Professional Free <= 1.3.7 - Authenticated Local File Inclusion CVE-2021-24566 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H July 22, 2021
Patreon WordPress <= 1.7.0 - Reflected Cross-Site Scripting CVE-2021-24228 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H March 26, 2021
Patreon WordPress <= 1.7.0 - Reflected Cross-Site Scripting CVE-2021-24229 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H March 26, 2021
Patreon WordPress <= 1.6.9 - Cross-Site Request Forgery CVE-2021-24230 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H March 26, 2021
Patreon WordPress < 1.7.0 - Local File Disclosure CVE-2021-24227 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N March 26, 2021
Patreon WordPress <= 1.6.9 - Cross-Site Request Forgery CVE-2021-24231 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H March 26, 2021
WordPress Core < 5.5.2 - Reflected Cross-Site Scripting via Global Variables CVE-2020-28034 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N October 29, 2020
Elementor Website Builder <= 2.7.5 - Stored Cross-Site Scripting 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N January 29, 2020
Duplicate Page <= 3.3 - SQL Injection 7.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L March 22, 2019
SiteGround Optimizer <= 5.0.12 - Missing Authorization CVE-2019-25217 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 14, 2019
Caldera Forms Pro < 1.8.2 - Missing Authorization 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 13, 2019
WordPress Core < 4.7.3 - Authenticated Cross-Site Scripting in Youtube URL Embeds CVE-2017-6817 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 6, 2017
WordPress Core < 4.7.2 - Arbitrary Page Modification CVE-2017-1001000 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H January 26, 2017
bbPress < 2.5.9 - Stored Cross-Site Scripting 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N May 3, 2016
Jetpack <= 3.7.1 - Stored Cross-Site Scripting 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N October 1, 2015
WP Super Cache < 1.4.3 - Cross Site Scripting 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 7, 2015
Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N February 24, 2015
UpdraftPlus WordPress Backup Plugin <= 1.9.50 - Nonce Leak to Authorization Bypass 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H February 3, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation