🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Erwan LR

Erwan LR

Organization: WPScan

All Time Ranking

121

All Time Discoveries

Showing 1-20 of 121 Vulnerabilities

ChatBot <= 4.4.6 - Unauthenticated PHP Object Injection via Cookies

9.8

CVE-2023-1650

Apr 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Events Made Easy <= 2.2.80 - SQL Injection

9.8

CVE-2022-1905

May 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Realia <= 1.4.0 - Arbitrary Post Deletion

9.1

CVE ID Unknown

Oct 15, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

YARPP - Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Subscriber+) SQL Injection via Shortcode

8.8

CVE-2023-0579

Apr 25, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Local File Inclusion via Shortcode

8.8

CVE-2023-0340

Feb 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

GigPress <= 2.3.28 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2023-0381

Feb 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ultimate Membership Pro <= 8.6 - Cross-Site Request Forgery

8.8

CVE ID Unknown

Feb 24, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ultimate Membership Pro <= 8.6.1 - Cross-Site Request Forgery

8.8

CVE ID Unknown

Feb 24, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ninja Forms Google Sheet Connector <= 1.2.6 - Reflected Cross-Site Scripting

7.2

CVE-2023-2333

Jun 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Ajax Search Lite <= 4.11 - Reflected Cross-Site Scripting

7.2

CVE-2023-1420

Apr 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP Statistics <= 13.2.16 - Authenticated (Admin+) SQL Injection

7.2

CVE-2023-0955

Mar 6, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

ActivityPub <= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Content Exposure

6.5

CVE-2023-3707

Sep 25, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Account Compromise

6.5

CVE-2023-3179

Jun 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

KiviCare – Clinic & Patient Management System (EHR) <= 3.2.0 - Sensitive Information Exposure

6.5

CVE-2023-2623

Jun 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

KiviCare – Clinic & Patient Management System (EHR) <= 3.2.0 - Cross-Site Request Forgery

6.5

CVE-2023-2628

Jun 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

WP Fastest Cache <= 1.1.4 - Authenticated(Administrator+) Blind Server Side Request Forgery via check_url

6.5

CVE-2023-1938

May 2, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

ChatBot <= 4.4.8 - Unauthenticated Stored Cross-Site Scripting in Admin Dashboard

6.5

CVE-2023-1660

Apr 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Information Exposure

6.5

CVE-2023-0911

Feb 27, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Ocean Extra <= 2.1.2 - Authenticated (Subscriber+) Arbitrary Post Access

6.5

CVE-2023-0749

Feb 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Mmm Simple File List <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-4514

Nov 6, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
ChatBot <= 4.4.6 - Unauthenticated PHP Object Injection via Cookies	CVE-2023-1650	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 12, 2023
Events Made Easy <= 2.2.80 - SQL Injection	CVE-2022-1905	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 27, 2022
Realia <= 1.4.0 - Arbitrary Post Deletion		9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	October 15, 2020
YARPP - Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Subscriber+) SQL Injection via Shortcode	CVE-2023-0579	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 25, 2023
Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Local File Inclusion via Shortcode	CVE-2023-0340	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 22, 2023
GigPress <= 2.3.28 - Authenticated (Subscriber+) SQL Injection	CVE-2023-0381	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	February 6, 2023
Ultimate Membership Pro <= 8.6 - Cross-Site Request Forgery		8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	February 24, 2020
Ultimate Membership Pro <= 8.6.1 - Cross-Site Request Forgery		8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	February 24, 2020
Ninja Forms Google Sheet Connector <= 1.2.6 - Reflected Cross-Site Scripting	CVE-2023-2333	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 12, 2023
Ajax Search Lite <= 4.11 - Reflected Cross-Site Scripting	CVE-2023-1420	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 3, 2023
WP Statistics <= 13.2.16 - Authenticated (Admin+) SQL Injection	CVE-2023-0955	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 6, 2023
ActivityPub <= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Content Exposure	CVE-2023-3707	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	September 25, 2023
POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Account Compromise	CVE-2023-3179	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	June 26, 2023
KiviCare – Clinic & Patient Management System (EHR) <= 3.2.0 - Sensitive Information Exposure	CVE-2023-2623	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	June 5, 2023
KiviCare – Clinic & Patient Management System (EHR) <= 3.2.0 - Cross-Site Request Forgery	CVE-2023-2628	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	June 5, 2023
WP Fastest Cache <= 1.1.4 - Authenticated(Administrator+) Blind Server Side Request Forgery via check_url	CVE-2023-1938	6.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H	May 2, 2023
ChatBot <= 4.4.8 - Unauthenticated Stored Cross-Site Scripting in Admin Dashboard	CVE-2023-1660	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 12, 2023
Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Information Exposure	CVE-2023-0911	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	February 27, 2023
Ocean Extra <= 2.1.2 - Authenticated (Subscriber+) Arbitrary Post Access	CVE-2023-0749	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	February 14, 2023
Mmm Simple File List <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-4514	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 6, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation