🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Jerome Bruandet

Jerome Bruandet

Organization: NinTechNet

All Time Ranking

212

All Time Discoveries

Showing 161-180 of 212 Vulnerabilities

MStore API <= 2.1.5 - Authentication Bypass

9.8

CVE-2020-36713

Mar 11, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Activity Log <= 4.0.1 - Missing Authorization

7.3

CVE-2020-36716

Mar 8, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update

7.2

CVE-2020-36731

Feb 26, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

GDPR Cookie Consent & Compliance Notice <= 1.8.2 - Authenticated Stored Cross-Site Scripting and Authorization Bypass

6.4

CVE-2020-20633

Feb 11, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Wordable <= 3.1.1 - Authentication Bypass

9.8

CVE-2020-36724

Jan 28, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure

5.3

CVE-2020-36710

Jan 27, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Slideshow, Image Slider by 2J <= 1.3.31 - Authorization Bypass

5.4

CVE-2020-36729

Jan 20, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation

7.6

CVE-2019-25149

Dec 30, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

GDPR Cookie Compliance <= 4.0.2 - Missing Authorization

5.4

CVE-2019-25143

Dec 27, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update

8.8

CVE-2019-25142

Dec 2, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

IgniteUp – Coming Soon and Maintenance Mode <= 3.4 - Stored Cross-Site Scripting

6.1

CVE-2019-17236

Nov 10, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

IgniteUp – Coming Soon and Maintenance Mode <= 3.4 - Unauthenticated Arbitrary File Deletion

7.5

CVE-2019-17234

Nov 10, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

IgniteUp – Coming Soon and Maintenance Mode <= 3.4.0 - Information Disclosure

5.3

CVE-2019-17235

Nov 10, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Funnel Builder <= 1.3.0 - Arbitrary Plugin Activation

5.4

CVE-2019-25151

Nov 7, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change

4.3

CVE-2019-16251

Oct 31, 2019

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

GiveWP <= 2.5.9 - Missing Authorization to Settings Update

5.3

CVE-2020-20627

Oct 30, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WP HTML Mail < 2.2.11 - HTML injection

5.4

CVE-2019-25144

Oct 25, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Email Templates <= 1.3 - HTML Injection

8.8

CVE-2019-25150

Oct 25, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP HTML Mail < 2.9.1 - HTML Injection

6.1

CVE-2019-25148

Oct 25, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Sliced Invoices < 3.8.4 - Authenticated SQL Injection

7.5

CVE-2020-20625

Oct 17, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
MStore API <= 2.1.5 - Authentication Bypass	CVE-2020-36713	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 11, 2020
WP Activity Log <= 4.0.1 - Missing Authorization	CVE-2020-36716	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	March 8, 2020
Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update	CVE-2020-36731	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	February 26, 2020
GDPR Cookie Consent & Compliance Notice <= 1.8.2 - Authenticated Stored Cross-Site Scripting and Authorization Bypass	CVE-2020-20633	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 11, 2020
Wordable <= 3.1.1 - Authentication Bypass	CVE-2020-36724	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 28, 2020
WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure	CVE-2020-36710	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	January 27, 2020
Slideshow, Image Slider by 2J <= 1.3.31 - Authorization Bypass	CVE-2020-36729	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	January 20, 2020
Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation	CVE-2019-25149	7.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H	December 30, 2019
GDPR Cookie Compliance <= 4.0.2 - Missing Authorization	CVE-2019-25143	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	December 27, 2019
Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update	CVE-2019-25142	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 2, 2019
IgniteUp – Coming Soon and Maintenance Mode <= 3.4 - Stored Cross-Site Scripting	CVE-2019-17236	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 10, 2019
IgniteUp – Coming Soon and Maintenance Mode <= 3.4 - Unauthenticated Arbitrary File Deletion	CVE-2019-17234	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	November 10, 2019
IgniteUp – Coming Soon and Maintenance Mode <= 3.4.0 - Information Disclosure	CVE-2019-17235	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 10, 2019
Funnel Builder <= 1.3.0 - Arbitrary Plugin Activation	CVE-2019-25151	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	November 7, 2019
YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change	CVE-2019-16251	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	October 31, 2019
GiveWP <= 2.5.9 - Missing Authorization to Settings Update	CVE-2020-20627	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	October 30, 2019
WP HTML Mail < 2.2.11 - HTML injection	CVE-2019-25144	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	October 25, 2019
Email Templates <= 1.3 - HTML Injection	CVE-2019-25150	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 25, 2019
WP HTML Mail < 2.9.1 - HTML Injection	CVE-2019-25148	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 25, 2019
Sliced Invoices < 3.8.4 - Authenticated SQL Injection	CVE-2020-20625	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 17, 2019

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation