🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Jerome Bruandet

Jerome Bruandet

Organization: NinTechNet

All Time Ranking

212

All Time Discoveries

Showing 41-60 of 212 Vulnerabilities

Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download

9.0

CVE-2021-4356

Jul 12, 2021

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Vuukle Comments, Reactions, Share Bar, Revenue <= 3.4.31 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4427

Jul 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Amministrazione Trasparente <= 7.1 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4398

Jul 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4395

Jul 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP EasyPay – Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4411

Jul 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4424

Jul 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Locations <= 3.2.1 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4394

Jul 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload

8.8

CVE-2021-4354

Jul 1, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

PWA for WP & AMP < = 1.7.32 - Missing Authorization

6.3

CVE-2021-4366

Jul 1, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Edwiser Bridge <= 2.0.6 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4399

Jun 28, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Ultimate Gift Cards for WooCommerce <= 2.1.1 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4391

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Contact Form 7 Style <= 3.2 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4390

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Remove Schema <= 1.5 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4403

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Sunshine Photo Cart <= 2.8.28 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4415

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

wp-mpdf <= 3.5.1 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4416

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Absolute Reviews <= 1.0.8 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4426

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Staff Directory Plugin <= 3.6 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4397

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

DW Question & Answer <= 1.5.8 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4408

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

404 to 301 <= 3.0.7 - Missing Authorization to Redirect Creation

6.4

CVE-2021-4338

Jun 18, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Custom CSS, JS & PHP <= 2.0.7 - Cross-Site Request Forgery Bypass

4.3

CVE-2021-4418

Jun 8, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download	CVE-2021-4356	9.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	July 12, 2021
Vuukle Comments, Reactions, Share Bar, Revenue <= 3.4.31 - Cross-Site Request Forgery Bypass	CVE-2021-4427	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 5, 2021
Amministrazione Trasparente <= 7.1 - Cross-Site Request Forgery Bypass	CVE-2021-4398	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 5, 2021
Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery Bypass	CVE-2021-4395	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 5, 2021
WP EasyPay – Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass	CVE-2021-4411	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 5, 2021
Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass	CVE-2021-4424	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 5, 2021
Locations <= 3.2.1 - Cross-Site Request Forgery Bypass	CVE-2021-4394	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 5, 2021
PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload	CVE-2021-4354	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 1, 2021
PWA for WP & AMP < = 1.7.32 - Missing Authorization	CVE-2021-4366	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	July 1, 2021
Edwiser Bridge <= 2.0.6 - Cross-Site Request Forgery Bypass	CVE-2021-4399	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 28, 2021
Ultimate Gift Cards for WooCommerce <= 2.1.1 - Cross-Site Request Forgery Bypass	CVE-2021-4391	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 21, 2021
Contact Form 7 Style <= 3.2 - Cross-Site Request Forgery Bypass	CVE-2021-4390	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 21, 2021
Remove Schema <= 1.5 - Cross-Site Request Forgery Bypass	CVE-2021-4403	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 21, 2021
Sunshine Photo Cart <= 2.8.28 - Cross-Site Request Forgery Bypass	CVE-2021-4415	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 21, 2021
wp-mpdf <= 3.5.1 - Cross-Site Request Forgery Bypass	CVE-2021-4416	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 21, 2021
Absolute Reviews <= 1.0.8 - Cross-Site Request Forgery Bypass	CVE-2021-4426	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 21, 2021
Staff Directory Plugin <= 3.6 - Cross-Site Request Forgery Bypass	CVE-2021-4397	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 21, 2021
DW Question & Answer <= 1.5.8 - Cross-Site Request Forgery Bypass	CVE-2021-4408	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 21, 2021
404 to 301 <= 3.0.7 - Missing Authorization to Redirect Creation	CVE-2021-4338	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 18, 2021
Custom CSS, JS & PHP <= 2.0.7 - Cross-Site Request Forgery Bypass	CVE-2021-4418	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 8, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation