🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Jerome Bruandet

Jerome Bruandet

Organization: NinTechNet

All Time Ranking

212

All Time Discoveries

Showing 41-60 of 212 Vulnerabilities

Recently <= 3.0.4 - Arbitrary File Upload to Remote Code Exectution

8.8

CVE-2021-4382

Jun 7, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Style Kits <= 1.8.0 - Cross-Site Request Forgery Bypass

8.8

CVE-2021-4401

Mar 1, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery

8.8

CVE-2021-4349

Mar 1, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import

8.8

CVE-2021-4373

Mar 1, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Secure File Manager < 2.8.2 - Remote Code Execution

8.8

CVE-2020-35235

Nov 23, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update

8.8

CVE-2020-36725

Oct 16, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery

8.8

CVE-2020-36707

Sep 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Kali Forms <= 2.1.1 - Cross-Site Request Forgery

8.8

CVE-2020-36717

Aug 21, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Security & Malware scan by CleanTalk <= 2.50 - Missing Authorization

8.8

CVE-2020-36698

Jul 6, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Page Builder: KingComposer < 2.9.4 - Arbitrary File Upload

8.8

CVE-2020-36701

Jun 15, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control

8.8

CVE-2020-36700

Jun 15, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update

8.8

CVE-2019-25142

Dec 2, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Email Templates <= 1.3 - HTML Injection

8.8

CVE-2019-25150

Oct 25, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery

8.8

CVE-2019-15238

Aug 12, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Woody Ad Snippets <= 2.2.4 - Missing Authorization to Settings Import

8.8

CVE-2019-15858

Aug 2, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Crelly Slider <= 1.3.4 - Arbitrary File Upload

8.8

CVE-2019-15866

Jun 6, 2019

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion

8.6

CVE-2020-36712

Aug 21, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CMP <= 3.8.1 - Missing Authorization

8.3

CVE-2020-36730

Aug 4, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Donations < 1.4 - Unauthenticated Arbitrary Options Change

8.2

CVE-2019-15772

Aug 3, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L

WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection

8.1

CVE-2021-4383

Jan 12, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Recently <= 3.0.4 - Arbitrary File Upload to Remote Code Exectution	CVE-2021-4382	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 7, 2021
Style Kits <= 1.8.0 - Cross-Site Request Forgery Bypass	CVE-2021-4401	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	March 1, 2021
Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery	CVE-2021-4349	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	March 1, 2021
Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import	CVE-2021-4373	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	March 1, 2021
Secure File Manager < 2.8.2 - Remote Code Execution	CVE-2020-35235	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 23, 2020
TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update	CVE-2020-36725	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 16, 2020
Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery	CVE-2020-36707	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 16, 2020
Kali Forms <= 2.1.1 - Cross-Site Request Forgery	CVE-2020-36717	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 21, 2020
Security & Malware scan by CleanTalk <= 2.50 - Missing Authorization	CVE-2020-36698	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 6, 2020
Page Builder: KingComposer < 2.9.4 - Arbitrary File Upload	CVE-2020-36701	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 15, 2020
Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control	CVE-2020-36700	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 15, 2020
Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update	CVE-2019-25142	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 2, 2019
Email Templates <= 1.3 - HTML Injection	CVE-2019-25150	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 25, 2019
CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery	CVE-2019-15238	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 12, 2019
Woody Ad Snippets <= 2.2.4 - Missing Authorization to Settings Import	CVE-2019-15858	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 2, 2019
Crelly Slider <= 1.3.4 - Arbitrary File Upload	CVE-2019-15866	8.8	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	June 6, 2019
Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion	CVE-2020-36712	8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H	August 21, 2020
CMP <= 3.8.1 - Missing Authorization	CVE-2020-36730	8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	August 4, 2020
Donations < 1.4 - Unauthenticated Arbitrary Options Change	CVE-2019-15772	8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L	August 3, 2019
WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection	CVE-2021-4383	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	January 12, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation