🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Chloe Chamberland

Chloe Chamberland

Organization: Wordfence

All Time Ranking

136

All Time Discoveries

About

Threat Intelligence Lead @Wordfence

Masters of Cybersecurity and Information Assurance OSCP, OSWP, OSWE, CISSP, CEH, ECSA, Security+, CySA+, PenTest+, CASP+, SSCP, eWPT, eWPTx, AWS Security Speciality

When not breaking things, I enjoy coffee, travel, donuts, and nature.

1 Achievement

Learn more about Achievements

Learn more Learn more about Achievements

Showing 21-40 of 136 Vulnerabilities

Responsive Ready Sites Importer <= 2.2.6 - Unprotected AJAX Actions

9.1

CVE-2020-12073

Mar 4, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

WP Database Reset <= 3.1 - Unauthenticated Database Reset

9.1

CVE-2020-7048

Jan 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode

8.8

CVE-2023-4598

Sep 11, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation

8.8

CVE-2023-3636

Jul 24, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVE-2023-3295

Jun 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WCFM Marketplace <= 3.4.11 - Missing Authorization

8.8

CVE-2022-4935

Apr 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion

8.8

CVE-2022-2431

Jul 27, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8

CVE-2022-0215

Jan 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Waitlist Woocommerce ( Back in stock notifier ) <= 2.5.1 - Cross-Site Request Forgery to Arbitrary Options Update

8.8

CVE-2022-0215

Jan 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Side Cart Woocommerce (Ajax) <= 2.0 - Cross-Site Request Forgery to Arbitrary Options Update

8.8

CVE-2022-0215

Jan 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Post Grid <= 2.1.12 - Contributor+ SQL Injection

8.8

CVE ID Unknown

Dec 15, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Sassy Social Share 3.3.23 - Object Injection

8.8

CVE-2021-39321

Oct 21, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload

8.8

CVE-2021-4330

Oct 21, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2021-39317

Oct 6, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

WooCommerce Stock Manager <= 2.5.7 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVE-2021-34619

Jun 14, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Import

8.8

CVE-2021-24353

May 26, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H

Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Activation

8.8

CVE-2021-24356

May 26, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Installation

8.8

CVE-2021-24354

May 26, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Export

8.8

CVE-2021-24352

May 26, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H

External Media <= 1.0.33 - Authenticated Arbitrary File Upload

8.8

CVE-2021-24311

May 13, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Responsive Ready Sites Importer <= 2.2.6 - Unprotected AJAX Actions	CVE-2020-12073	9.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L	March 4, 2020
WP Database Reset <= 3.1 - Unauthenticated Database Reset	CVE-2020-7048	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	January 16, 2020
Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode	CVE-2023-4598	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	September 11, 2023
WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation	CVE-2023-3636	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 24, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload	CVE-2023-3295	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 16, 2023
WCFM Marketplace <= 3.4.11 - Missing Authorization	CVE-2022-4935	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 5, 2023
Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion	CVE-2022-2431	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 27, 2022
Login/Signup Popup <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update	CVE-2022-0215	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 13, 2022
Waitlist Woocommerce ( Back in stock notifier ) <= 2.5.1 - Cross-Site Request Forgery to Arbitrary Options Update	CVE-2022-0215	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 13, 2022
Side Cart Woocommerce (Ajax) <= 2.0 - Cross-Site Request Forgery to Arbitrary Options Update	CVE-2022-0215	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 13, 2022
Post Grid <= 2.1.12 - Contributor+ SQL Injection		8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 15, 2021
Sassy Social Share 3.3.23 - Object Injection	CVE-2021-39321	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 21, 2021
Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload	CVE-2021-4330	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 21, 2021
AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2021-39317	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 6, 2021
WooCommerce Stock Manager <= 2.5.7 - Cross-Site Request Forgery to Arbitrary File Upload	CVE-2021-34619	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	June 14, 2021
Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Import	CVE-2021-24353	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H	May 26, 2021
Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Activation	CVE-2021-24356	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 26, 2021
Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Installation	CVE-2021-24354	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 26, 2021
Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Export	CVE-2021-24352	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H	May 26, 2021
External Media <= 1.0.33 - Authenticated Arbitrary File Upload	CVE-2021-24311	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 13, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation