🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Jouko Pynnöne

Jouko Pynnöne

108

All Time Ranking

All Time Discoveries

Showing 1-20 of 22 Vulnerabilities

Formidable Form Builder < 2.05.03 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Nov 13, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Formidable Form Builder < 2.05.03 - SQL Injection

8.6

CVE ID Unknown

Nov 13, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting

8.3

CVE ID Unknown

Nov 13, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure

5.3

CVE ID Unknown

Nov 12, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Platform 4 <= 1.1.4 - Cross-Site Request Forgery

8.8

CVE-2016-10945

Nov 23, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

W3 Total Cache <= 0.9.4 - Server-Side Request Forgery leading to Host Information Disclosure

8.6

CVE ID Unknown

Oct 31, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Lazy Load < 0.6.1 - Authenticated Stored Cross-Site Scripting

7.4

CVE ID Unknown

Jul 20, 2016

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name #2

6.4

CVE-2016-5833

Jun 18, 2016

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name

6.4

CVE-2016-5834

Jun 18, 2016

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

OneLogin SAML-SSO Plugin < 2.1.6 - Authentication Bypass

9.8

CVE ID Unknown

Jun 6, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Fluid Responsive Slideshow < 2.2.7 - Reflected Cross-Site Scripting

6.1

CVE-2016-10975

May 18, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Fluid Responsive Slideshow < 2.2.7 - Cross-Site Request Forgery

8.8

CVE-2016-10974

May 18, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting

7.2

CVE ID Unknown

Apr 29, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

OneLogin SAML SSO < 2.2.0 - Authentication Bypass

7.5

CVE-2016-10928

Jan 21, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WordPress Core < 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2015-5622

Jul 23, 2015

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WordPress Core < 4.2.1 - Cross-Site Scripting via Comments

7.2

CVE-2015-3440

Apr 27, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.3.3 - Cross-Site Scripting

7.2

CVE ID Unknown

Apr 20, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

MonsterInsights – Google Analytics Dashboard for WordPress <= 5.3.2 - Stored Cross-Site Scripting

7.2

CVE ID Unknown

Mar 19, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WPML < 3.1.9 - Cross-Site Scripting

6.1

CVE-2015-2315

Mar 11, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WPML <= 3.1.9 - SQL Injection via lang Parameter

9.8

CVE-2015-2314

Mar 10, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Formidable Form Builder < 2.05.03 - Reflected Cross-Site Scripting		6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 13, 2017
Formidable Form Builder < 2.05.03 - SQL Injection		8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	November 13, 2017
Formidable Form Builder < 2.05.03 - Unauthenticated Stored Cross-Site Scripting		8.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L	November 13, 2017
Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 12, 2017
Platform 4 <= 1.1.4 - Cross-Site Request Forgery	CVE-2016-10945	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 23, 2016
W3 Total Cache <= 0.9.4 - Server-Side Request Forgery leading to Host Information Disclosure		8.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N	October 31, 2016
Lazy Load < 0.6.1 - Authenticated Stored Cross-Site Scripting		7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	July 20, 2016
WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name #2	CVE-2016-5833	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 18, 2016
WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name	CVE-2016-5834	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 18, 2016
OneLogin SAML-SSO Plugin < 2.1.6 - Authentication Bypass		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 6, 2016
Fluid Responsive Slideshow < 2.2.7 - Reflected Cross-Site Scripting	CVE-2016-10975	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 18, 2016
Fluid Responsive Slideshow < 2.2.7 - Cross-Site Request Forgery	CVE-2016-10974	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	May 18, 2016
MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 29, 2016
OneLogin SAML SSO < 2.2.0 - Authentication Bypass	CVE-2016-10928	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	January 21, 2016
WordPress Core < 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2015-5622	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 23, 2015
WordPress Core < 4.2.1 - Cross-Site Scripting via Comments	CVE-2015-3440	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 27, 2015
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.3.3 - Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 20, 2015
MonsterInsights – Google Analytics Dashboard for WordPress <= 5.3.2 - Stored Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 19, 2015
WPML < 3.1.9 - Cross-Site Scripting	CVE-2015-2315	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 11, 2015
WPML <= 3.1.9 - SQL Injection via lang Parameter	CVE-2015-2314	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 10, 2015

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation