Chloe Chamberland

Organization: Wordfence

All Time Ranking: 16
All Time Discoveries: 136

About

Threat Intelligence Lead @Wordfence

Masters of Cybersecurity and Information Assurance
OSCP, OSWP, OSWE, CISSP, CEH, ECSA, Security+, CySA+, PenTest+, CASP+, SSCP, eWPT, eWPTx, AWS Security Speciality

When not breaking things, I enjoy coffee, travel, donuts, and nature.

Wordfence Vulnerability Researcher
November 8, 2023

Showing 81-100 of 136 Vulnerabilities

| Title | CVE ID | CVSS | Vector | Date |
| --- | --- | --- | --- | --- |
| Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization | | 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | March 19, 2021 |
| Pricing Table by Supsystic <= 1.8.1 - Missing Authorization on AJAX Actions | CVE-2020-9392 | 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | February 25, 2020 |
| Survey Maker – Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting | CVE-2023-0038 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | January 3, 2023 |
| Pricing Table by Supsystic <= 1.8.1 - Unauthenticated Stored Cross-Site Scripting | CVE-2020-9393 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | February 25, 2020 |
| Minimal Coming Soon & Maintenance Mode <= 2.10 - Missing Authorization | CVE-2020-6168 | 7.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H | December 18, 2019 |
| NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization | | 6.6 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | May 30, 2021 |
| WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation | CVE-2022-4555 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | November 28, 2022 |
| Ninja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure | CVE-2021-34647 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | September 22, 2021 |
| Redirection for Contact Form 7 <= 2.3.3 - Authenticated Arbitrary Plugin Installation | CVE-2021-24279 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | April 20, 2021 |
| The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read | CVE-2021-4332 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | April 14, 2021 |
| Tutor LMS <= 1.8.2 - SQL Injection via tutor_quiz_builder_get_question_form | CVE-2021-24183 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | March 15, 2021 |
| Tutor LMS – eLearning and online course solution <=1.7.6 - SQL Injection | CVE-2021-24185 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | March 15, 2021 |
| Tutor LMS – eLearning and online course solution <= 1.7.6 - SQL Injection | CVE-2021-24181 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | March 15, 2021 |
| User Profile Picture <= 2.4.0 - Sensitive Information Disclosure | CVE-2021-24170 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | March 3, 2021 |
| 301 Redirects - Easy Redirect Manager <= 2.40 - Missing Authorization | CVE-2019-19915 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L | December 19, 2019 |
| Email Subscribers & Newsletters <= 4.2.2 - Unauthenticated Option Creation | CVE-2019-19982 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | November 13, 2019 |
| Photoswipe Masonry Gallery <= 1.2.14 Stored Cross-Site Scripting | CVE-2022-0750 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | February 24, 2022 |
| Variation Swatches for WooCommerce <= 2.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | CVE-2021-42367 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | December 1, 2021 |
| Ninja Forms <= 3.5.7 - Unprotected REST-API to Email Injection | CVE-2021-34648 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | September 22, 2021 |
| SEOPress 5.0.0 - 5.0.3 - Stored Cross-Site Scripting | CVE-2021-34641 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | August 16, 2021 |
