🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Jerome Bruandet

Jerome Bruandet

Organization: NinTechNet

All Time Ranking

212

All Time Discoveries

Showing 101-120 of 212 Vulnerabilities

Ultimate Reviews < 2.1.33 - PHP Object Injection

9.8

CVE-2020-36726

Nov 10, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection

9.8

CVE-2020-36718

Nov 3, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update

8.8

CVE-2020-36725

Oct 16, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Epsilon Framework Themes (Various Versions) - Function Injection

9.8

CVE-2020-36708

Oct 1, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation

6.5

CVE-2020-36721

Oct 1, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36735

Sep 26, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 1.5.15 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36736

Sep 26, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Hueman <= 3.6.3 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36753

Sep 26, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Customizr <= 4.3.0 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36755

Sep 26, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Ocean Extra <=1.6.5 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36760

Sep 26, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Simple:Press – WordPress Forum Plugin <= 6.6.0 - Arbitrary File Upload

9.8

CVE-2020-36706

Sep 25, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery

8.8

CVE-2020-36707

Sep 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Import / Export Customizer Settings <= 1.0.3 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36737

Sep 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Cool Timeline (Horizontal & Vertical Timeline) <= 2.0.2 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36738

Sep 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Feed Them Social – Page, Post, Video, and Photo Galleries <= 2.8.6 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36739

Sep 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Radio Buttons for Taxonomies <= 2.0.5 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36740

Sep 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36741

Sep 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Custom Field Template <= 2.5.1 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36742

Sep 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Product Catalog Simple <= 1.5.13 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36743

Sep 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

NotificationX <= 1.8.2 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36744

Sep 16, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Ultimate Reviews < 2.1.33 - PHP Object Injection	CVE-2020-36726	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 10, 2020
GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection	CVE-2020-36718	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	November 3, 2020
TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update	CVE-2020-36725	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 16, 2020
Epsilon Framework Themes (Various Versions) - Function Injection	CVE-2020-36708	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	October 1, 2020
Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation	CVE-2020-36721	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	October 1, 2020
WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass	CVE-2020-36735	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 26, 2020
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 1.5.15 - Cross-Site Request Forgery Bypass	CVE-2020-36736	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 26, 2020
Hueman <= 3.6.3 - Cross-Site Request Forgery Bypass	CVE-2020-36753	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 26, 2020
Customizr <= 4.3.0 - Cross-Site Request Forgery Bypass	CVE-2020-36755	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 26, 2020
Ocean Extra <=1.6.5 - Cross-Site Request Forgery Bypass	CVE-2020-36760	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 26, 2020
Simple:Press – WordPress Forum Plugin <= 6.6.0 - Arbitrary File Upload	CVE-2020-36706	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 25, 2020
Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery	CVE-2020-36707	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 16, 2020
Import / Export Customizer Settings <= 1.0.3 - Cross-Site Request Forgery Bypass	CVE-2020-36737	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 16, 2020
Cool Timeline (Horizontal & Vertical Timeline) <= 2.0.2 - Cross-Site Request Forgery Bypass	CVE-2020-36738	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 16, 2020
Feed Them Social – Page, Post, Video, and Photo Galleries <= 2.8.6 - Cross-Site Request Forgery Bypass	CVE-2020-36739	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 16, 2020
Radio Buttons for Taxonomies <= 2.0.5 - Cross-Site Request Forgery Bypass	CVE-2020-36740	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 16, 2020
MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass	CVE-2020-36741	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 16, 2020
Custom Field Template <= 2.5.1 - Cross-Site Request Forgery Bypass	CVE-2020-36742	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 16, 2020
Product Catalog Simple <= 1.5.13 - Cross-Site Request Forgery Bypass	CVE-2020-36743	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 16, 2020
NotificationX <= 1.8.2 - Cross-Site Request Forgery Bypass	CVE-2020-36744	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 16, 2020

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation