Chloe Chamberland

Organization: Wordfence

All Time Ranking: 16
All Time Discoveries: 136

About

Threat Intelligence Lead @Wordfence

Masters of Cybersecurity and Information Assurance
OSCP, OSWP, OSWE, CISSP, CEH, ECSA, Security+, CySA+, PenTest+, CASP+, SSCP, eWPT, eWPTx, AWS Security Speciality

When not breaking things, I enjoy coffee, travel, donuts, and nature.

Wordfence Vulnerability Researcher
November 8, 2023

Showing 81-100 of 136 Vulnerabilities

| Title | CVE ID | CVSS | Vector | Date |
| --- | --- | --- | --- | --- |
| Ninja Forms Contact Form <= 3.4.33 - Cross-Site Request Forgery to OAuth Service Disconnection | CVE-2021-24166 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L | February 16, 2021 |
| Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Setting Modification | CVE-2021-24162 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | February 10, 2021 |
| Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Arbitrary File Upload | CVE-2021-24161 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | February 10, 2021 |
| Responsive Menu 4.0 - 4.0.3 - Authenticated Arbitrary File Upload | CVE-2021-24160 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | February 10, 2021 |
| Contact Form 7 Style <= 3.1.9 Cross-Site Request Forgery | CVE-2021-24159 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | February 4, 2021 |
| Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated (Contributor+) Stored Cross Site Scripting | CVE-2021-24157 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | January 12, 2021 |
| NEX-Forms <= 7.7.1 - Missing Authorization on Various AJAX Actions | CVE-2020-36670 | 6.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | November 27, 2020 |
| Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated Privilege Escalation | CVE-2021-24158 | 9.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | November 24, 2020 |
| Ultimate Member <= 2.1.11 - Unauthenticated Privilege Escalation via User Roles | CVE-2020-36157 | 10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | November 9, 2020 |
| Ultimate Member <= 2.1.11 - Unauthenticated Privilege Escalation via User Meta | CVE-2020-36155 | 10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | November 9, 2020 |
| Ultimate Member <= 2.1.11 - Authenticated Privilege Escalation via Profile Update | CVE-2020-36156 | 9.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | November 9, 2020 |
| Child Theme Creator by Orbisius <= 1.5.1 - Cross-Site Request Forgery to Arbitrary File Modification and Creation | CVE-2020-28649 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | October 14, 2020 |
| WPBakery Page Builder for WordPress <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | CVE-2020-28650 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | October 7, 2020 |
| Backup, Restore and Migrate WordPress Sites With the XCloner Plugin 4.2.1 - 4.2.12 - Unprotected AJAX Actions | CVE-2020-35948 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | August 18, 2020 |
| Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 4.2.152 - Cross-Site Request Forgery | CVE-2020-35950 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | August 18, 2020 |
| Facebook Chat Plugin <= 1.5 - Missing Capabilities Check | | 7.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L | August 4, 2020 |
| Quiz and Survey Master <= 7.0.0 - Unauthenticated Arbitrary File Deletion | CVE-2020-35951 | 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | August 3, 2020 |
| Elegant Themes (Multiple Versions) - Arbitrary File Upload | CVE-2020-35945 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | August 3, 2020 |
| Quiz and Survey Master <= 7.0.0 - Arbitrary File Upload | CVE-2020-35949 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | August 3, 2020 |
| JetBackup – WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location Change | CVE-2020-36667 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | July 30, 2020 |
