Wordfence Intelligence   >   Vulnerability Researchers   >   Chloe Chamberland

Chloe Chamberland

Organization: Wordfence

16
All Time Ranking
136
All Time Discoveries

About

Threat Intelligence Lead @Wordfence

Masters of Cybersecurity and Information Assurance OSCP, OSWP, OSWE, CISSP, CEH, ECSA, Security+, CySA+, PenTest+, CASP+, SSCP, eWPT, eWPTx, AWS Security Speciality

When not breaking things, I enjoy coffee, travel, donuts, and nature.

1 Achievement

Learn more about Achievements
Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 8, 2023
Learn more Learn more about Achievements

Showing 101-120 of 136 Vulnerabilities

JetBackup – WP Backup, Migrate & Restore <= 1.4.0 - Sensitive Information Disclosure
4.3
CVE-2020-36668
Jul 30, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
All in One SEO Pack <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2020-35946
Jul 16, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
JetBackup – WP Backup, Migrate & Restore <= 1.3.9 - Cross-Site Request Forgery to Arbitrary File Upload
8.8
CVE-2020-36669
Jul 16, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Cross-Site Request Forgery to Cross-Site Scripting
8.8
CVE-2020-35944
May 28, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Missing Authorization to Cross-Site Scripting
7.4
CVE-2020-35947
May 28, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Site Kit by Google <= 1.7.1 - Sensitive Information Disclosure
4.3
CVE-2020-8934
May 21, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
8.8
CVE-2020-13643
May 11, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload
9.9
CVE-2020-13126
May 6, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
8.8
CVE-2020-13642
May 5, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Real-Time Find and Replace <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
8.8
CVE-2020-13641
Apr 27, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Data Tables Generator by Supsystic <= 1.9.91 - Cross-Site Request Forgery
8.8
CVE-2020-12076
Mar 24, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Data Tables Generator by Supsystic <= 1.9.91 - Missing Authorization on AJAX Actions
6.3
CVE-2020-12075
Mar 23, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Accordion <= 2.2.8 - Unprotected AJAX Action to Stored/Reflected Cross-Site Scripting
6.4
CVE-2020-13644
Mar 18, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WebToffee Plugins <= (Various Versions) - Arbitrary User Creation
8.8
CVE-2020-12074
Mar 11, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import
4.3
CVE-2020-12074
Mar 11, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ThemeREX Addons (Various Versions) - Missing Authorization
9.8
CVE-2020-10257
Mar 9, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Responsive Ready Sites Importer <= 2.2.6 - Unprotected AJAX Actions
9.1
CVE-2020-12073
Mar 4, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes
8.8
CVE-2020-9394
Feb 25, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Pricing Table by Supsystic <= 1.8.1 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2020-9393
Feb 25, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Pricing Table by Supsystic <= 1.8.1 - Missing Authorization on AJAX Actions
7.3
CVE-2020-9392
Feb 25, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Title CVE ID CVSS Vector Date
JetBackup – WP Backup, Migrate & Restore <= 1.4.0 - Sensitive Information Disclosure CVE-2020-36668 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N July 30, 2020
All in One SEO Pack <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2020-35946 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 16, 2020
JetBackup – WP Backup, Migrate & Restore <= 1.3.9 - Cross-Site Request Forgery to Arbitrary File Upload CVE-2020-36669 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H July 16, 2020
Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Cross-Site Request Forgery to Cross-Site Scripting CVE-2020-35944 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H May 28, 2020
Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Missing Authorization to Cross-Site Scripting CVE-2020-35947 7.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L May 28, 2020
Site Kit by Google <= 1.7.1 - Sensitive Information Disclosure CVE-2020-8934 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N May 21, 2020
Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting CVE-2020-13643 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H May 11, 2020
Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2020-13126 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H May 6, 2020
Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting CVE-2020-13642 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H May 5, 2020
Real-Time Find and Replace <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2020-13641 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H April 27, 2020
Data Tables Generator by Supsystic <= 1.9.91 - Cross-Site Request Forgery CVE-2020-12076 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H March 24, 2020
Data Tables Generator by Supsystic <= 1.9.91 - Missing Authorization on AJAX Actions CVE-2020-12075 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L March 23, 2020
Accordion <= 2.2.8 - Unprotected AJAX Action to Stored/Reflected Cross-Site Scripting CVE-2020-13644 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 18, 2020
WebToffee Plugins <= (Various Versions) - Arbitrary User Creation CVE-2020-12074 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 11, 2020
Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import CVE-2020-12074 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N March 11, 2020
ThemeREX Addons (Various Versions) - Missing Authorization CVE-2020-10257 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 9, 2020
Responsive Ready Sites Importer <= 2.2.6 - Unprotected AJAX Actions CVE-2020-12073 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L March 4, 2020
Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes CVE-2020-9394 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H February 25, 2020
Pricing Table by Supsystic <= 1.8.1 - Unauthenticated Stored Cross-Site Scripting CVE-2020-9393 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N February 25, 2020
Pricing Table by Supsystic <= 1.8.1 - Missing Authorization on AJAX Actions CVE-2020-9392 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L February 25, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation