🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Jerome Bruandet

Jerome Bruandet

Organization: NinTechNet

All Time Ranking

212

All Time Discoveries

Showing 61-80 of 212 Vulnerabilities

Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation

7.6

CVE-2019-25149

Dec 30, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure

7.5

CVE-2021-4355

Aug 6, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Ultimate GDPR & CCPA <= 2.4 - Unauthenticated Settings Import & Export

7.5

CVE-2021-4348

Feb 5, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

uListing <= 1.6.6 - Unauthenticated Information Disclosure

7.5

CVE-2021-4339

Jan 28, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization

7.5

CVE-2020-36696

Aug 3, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

IgniteUp – Coming Soon and Maintenance Mode <= 3.4 - Unauthenticated Arbitrary File Deletion

7.5

CVE-2019-17234

Nov 10, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Sliced Invoices < 3.8.4 - Authenticated SQL Injection

7.5

CVE-2020-20625

Oct 17, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Search Exclude <= 1.2.3 - Arbitrary Settings Change

7.5

CVE-2019-15895

Sep 7, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

WP Private Content Plus <= 1.31 - Unauthenticated Settings Change

7.5

CVE-2019-15816

Aug 27, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Bold Page Builder <= 2.3.1 - Missing Authorization to Settings Update

7.5

CVE-2019-15821

Aug 23, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Ocean Extra <= 1.5.7 - Unauthenticated Options update and CSS injection

7.5

CVE-2019-16250

Jul 3, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

LearnDash LMS <= 2.5.3 - Arbitrary File Upload

7.5

CVE-2018-25019

Jan 6, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Brizy < 1.0.126 - Authorization Bypass to Settings Updates

7.4

CVE-2020-36714

Jun 3, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

7.4

CVE-2020-36715

May 14, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

WP GDPR <= 2.1.1 - Missing Authorization Checks

7.3

CVE-2020-36697

Apr 23, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

WP Activity Log <= 4.0.1 - Missing Authorization

7.3

CVE-2020-36716

Mar 8, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2021-4358

Sep 24, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2021-4365

Jul 12, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails

7.2

CVE-2021-4350

Jul 12, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

OneTone <= 3.0.6 & OneTone Companion <= 1.1.1 - Stored Cross-Site Scripting

7.2

CVE-2019-17231

Apr 3, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation	CVE-2019-25149	7.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H	December 30, 2019
Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure	CVE-2021-4355	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 6, 2021
Ultimate GDPR & CCPA <= 2.4 - Unauthenticated Settings Import & Export	CVE-2021-4348	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	February 5, 2021
uListing <= 1.6.6 - Unauthenticated Information Disclosure	CVE-2021-4339	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	January 28, 2021
Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization	CVE-2020-36696	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 3, 2020
IgniteUp – Coming Soon and Maintenance Mode <= 3.4 - Unauthenticated Arbitrary File Deletion	CVE-2019-17234	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	November 10, 2019
Sliced Invoices < 3.8.4 - Authenticated SQL Injection	CVE-2020-20625	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 17, 2019
Search Exclude <= 1.2.3 - Arbitrary Settings Change	CVE-2019-15895	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	September 7, 2019
WP Private Content Plus <= 1.31 - Unauthenticated Settings Change	CVE-2019-15816	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	August 27, 2019
Bold Page Builder <= 2.3.1 - Missing Authorization to Settings Update	CVE-2019-15821	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	August 23, 2019
Ocean Extra <= 1.5.7 - Unauthenticated Options update and CSS injection	CVE-2019-16250	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	July 3, 2019
LearnDash LMS <= 2.5.3 - Arbitrary File Upload	CVE-2018-25019	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	January 6, 2018
Brizy < 1.0.126 - Authorization Bypass to Settings Updates	CVE-2020-36714	7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	June 3, 2020
Login/Signup Popup < 1.5 - Missing Authorization	CVE-2020-36715	7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	May 14, 2020
WP GDPR <= 2.1.1 - Missing Authorization Checks	CVE-2020-36697	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	April 23, 2020
WP Activity Log <= 4.0.1 - Missing Authorization	CVE-2020-36716	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	March 8, 2020
WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Stored Cross-Site Scripting	CVE-2021-4358	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 24, 2021
Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting	CVE-2021-4365	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 12, 2021
Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails	CVE-2021-4350	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L	July 12, 2021
OneTone <= 3.0.6 & OneTone Companion <= 1.1.1 - Stored Cross-Site Scripting	CVE-2019-17231	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 3, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation