🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Chloe Chamberland

Chloe Chamberland

Organization: Wordfence

All Time Ranking

136

All Time Discoveries

About

Threat Intelligence Lead @Wordfence

Masters of Cybersecurity and Information Assurance OSCP, OSWP, OSWE, CISSP, CEH, ECSA, Security+, CySA+, PenTest+, CASP+, SSCP, eWPT, eWPTx, AWS Security Speciality

When not breaking things, I enjoy coffee, travel, donuts, and nature.

1 Achievement

Learn more about Achievements

Learn more Learn more about Achievements

Showing 121-136 of 136 Vulnerabilities

JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update

5.4

CVE-2023-0086

Jan 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Ninja Forms Contact Form <= 3.4.33 - Cross-Site Request Forgery to OAuth Service Disconnection

5.4

CVE-2021-24166

Feb 16, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

JetBackup – WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location Change

5.4

CVE-2020-36667

Jul 30, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Minimal Coming Soon & Maintenance Mode <= 2.16 - Missing Authorization to Export Settings/Theme Change

5.4

CVE-2020-6166

Jan 8, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Email Subscribers & Newsletters <= 4.2.2 - Cross-Site Request Forgery on Settings

5.4

CVE-2019-19981

Nov 13, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function

4.3

CVE-2023-3977

Jul 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function

4.3

CVE-2023-0958

Jul 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure

4.3

CVE-2022-4932

Feb 24, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Wildcard Activation and Retrieval

4.3

CVE-2021-24355

May 26, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Redirection for Contact Form 7 <= 2.3.3 - Authenticated Arbitrary Post Deletion

4.3

CVE-2021-24281

Apr 20, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Ninja Forms <= 3.4.34 - Authenticated OAuth Connection Key Disclosure

4.3

CVE-2021-24164

Feb 16, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

JetBackup – WP Backup, Migrate & Restore <= 1.4.0 - Sensitive Information Disclosure

4.3

CVE-2020-36668

Jul 30, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Site Kit by Google <= 1.7.1 - Sensitive Information Disclosure

4.3

CVE-2020-8934

May 21, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import

4.3

CVE-2020-12074

Mar 11, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization to Test Email

4.3

CVE-2019-19980

Nov 13, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Fast Velocity Minify <= 2.7.6 - Full Path Disclosure

4.3

CVE-2019-19983

Oct 16, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update	CVE-2023-0086	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	January 4, 2023
Ninja Forms Contact Form <= 3.4.33 - Cross-Site Request Forgery to OAuth Service Disconnection	CVE-2021-24166	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 16, 2021
JetBackup – WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location Change	CVE-2020-36667	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	July 30, 2020
Minimal Coming Soon & Maintenance Mode <= 2.16 - Missing Authorization to Export Settings/Theme Change	CVE-2020-6166	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	January 8, 2020
Email Subscribers & Newsletters <= 4.2.2 - Cross-Site Request Forgery on Settings	CVE-2019-19981	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	November 13, 2019
Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function	CVE-2023-3977	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 27, 2023
Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function	CVE-2023-0958	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	July 27, 2023
Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure	CVE-2022-4932	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	February 24, 2022
Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Wildcard Activation and Retrieval	CVE-2021-24355	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	May 26, 2021
Redirection for Contact Form 7 <= 2.3.3 - Authenticated Arbitrary Post Deletion	CVE-2021-24281	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 20, 2021
Ninja Forms <= 3.4.34 - Authenticated OAuth Connection Key Disclosure	CVE-2021-24164	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	February 16, 2021
JetBackup – WP Backup, Migrate & Restore <= 1.4.0 - Sensitive Information Disclosure	CVE-2020-36668	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	July 30, 2020
Site Kit by Google <= 1.7.1 - Sensitive Information Disclosure	CVE-2020-8934	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	May 21, 2020
Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import	CVE-2020-12074	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	March 11, 2020
Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization to Test Email	CVE-2019-19980	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	November 13, 2019
Fast Velocity Minify <= 2.7.6 - Full Path Disclosure	CVE-2019-19983	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	October 16, 2019

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation