Wordfence Intelligence   >   Vulnerability Researchers   >   Chloe Chamberland

Chloe Chamberland

Organization: Wordfence

17
All Time Ranking
136
All Time Discoveries

About

Threat Intelligence Lead @Wordfence

Masters of Cybersecurity and Information Assurance OSCP, OSWP, OSWE, CISSP, CEH, ECSA, Security+, CySA+, PenTest+, CASP+, SSCP, eWPT, eWPTx, AWS Security Speciality

When not breaking things, I enjoy coffee, travel, donuts, and nature.

1 Achievement

Learn more about Achievements
Wordfence Vulnerability Researcher
Wordfence Vulnerability Researcher
November 8, 2023
Learn more Learn more about Achievements

Showing 101-120 of 136 Vulnerabilities

Child Theme Creator by Orbisius <= 1.5.1 - Cross-Site Request Forgery to Arbitrary File Modification and Creation
8.8
CVE-2020-28649
Oct 14, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin 4.2.1 - 4.2.12 - Unprotected AJAX Actions
8.8
CVE-2020-35948
Aug 18, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Elegant Themes (Multiple Versions) - Arbitrary File Upload
8.8
CVE-2020-35945
Aug 3, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
JetBackup – WP Backup, Migrate & Restore <= 1.3.9 - Cross-Site Request Forgery to Arbitrary File Upload
8.8
CVE-2020-36669
Jul 16, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Cross-Site Request Forgery to Cross-Site Scripting
8.8
CVE-2020-35944
May 28, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
8.8
CVE-2020-13643
May 11, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
8.8
CVE-2020-13642
May 5, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Real-Time Find and Replace <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
8.8
CVE-2020-13641
Apr 27, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Data Tables Generator by Supsystic <= 1.9.91 - Cross-Site Request Forgery
8.8
CVE-2020-12076
Mar 24, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
WebToffee Plugins <= (Various Versions) - Arbitrary User Creation
8.8
CVE-2020-12074
Mar 11, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes
8.8
CVE-2020-9394
Feb 25, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Code Snippets <= 2.13.3 - Cross-Site Request Forgery to Remote Code Execution
8.8
CVE-2020-8417
Jan 29, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Minimal Coming Soon & Maintenance Mode <= 2.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting and Setting Changes
8.8
CVE-2020-6167
Jan 8, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
8.8
CVE-2019-19979
Nov 19, 2019
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
Responsive Ready Sites Importer <= 2.2.6 - Unprotected AJAX Actions
9.1
CVE-2020-12073
Mar 4, 2020
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
WP Database Reset <= 3.1 - Unauthenticated Database Reset
9.1
CVE-2020-7048
Jan 16, 2020
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
AI ChatBot <= 4.8.9 and 4.9.2- Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file
9.6
CVE-2023-5212
Oct 11, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation
9.8
CVE-2022-4939
Apr 5, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup
9.8
CVE-2022-0992
Apr 6, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
RegistrationMagic <= 5.0.1.7 - Authentication Bypass
9.8
CVE-2021-4073
Dec 8, 2021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
Child Theme Creator by Orbisius <= 1.5.1 - Cross-Site Request Forgery to Arbitrary File Modification and Creation CVE-2020-28649 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 14, 2020
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin 4.2.1 - 4.2.12 - Unprotected AJAX Actions CVE-2020-35948 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 18, 2020
Elegant Themes (Multiple Versions) - Arbitrary File Upload CVE-2020-35945 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 3, 2020
JetBackup – WP Backup, Migrate & Restore <= 1.3.9 - Cross-Site Request Forgery to Arbitrary File Upload CVE-2020-36669 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H July 16, 2020
Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Cross-Site Request Forgery to Cross-Site Scripting CVE-2020-35944 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H May 28, 2020
Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting CVE-2020-13643 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H May 11, 2020
Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting CVE-2020-13642 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H May 5, 2020
Real-Time Find and Replace <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2020-13641 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H April 27, 2020
Data Tables Generator by Supsystic <= 1.9.91 - Cross-Site Request Forgery CVE-2020-12076 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H March 24, 2020
WebToffee Plugins <= (Various Versions) - Arbitrary User Creation CVE-2020-12074 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H March 11, 2020
Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes CVE-2020-9394 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H February 25, 2020
Code Snippets <= 2.13.3 - Cross-Site Request Forgery to Remote Code Execution CVE-2020-8417 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H January 29, 2020
Minimal Coming Soon & Maintenance Mode <= 2.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting and Setting Changes CVE-2020-6167 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H January 8, 2020
WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2019-19979 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H November 19, 2019
Responsive Ready Sites Importer <= 2.2.6 - Unprotected AJAX Actions CVE-2020-12073 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L March 4, 2020
WP Database Reset <= 3.1 - Unauthenticated Database Reset CVE-2020-7048 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H January 16, 2020
AI ChatBot <= 4.8.9 and 4.9.2- Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file CVE-2023-5212 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H October 11, 2023
WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation CVE-2022-4939 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 5, 2023
SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup CVE-2022-0992 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 6, 2022
RegistrationMagic <= 5.0.1.7 - Authentication Bypass CVE-2021-4073 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 8, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation