Wordfence Intelligence   >   Vulnerability Researchers   >   Julien Ahrens

Julien Ahrens

127
All Time Ranking
16
All Time Discoveries

16 Vulnerabilities

Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection
8.8
CVE-2022-3861
Nov 18, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Becustom <= 1.0.5.2 - Cross-Site Request Forgery
8.8
CVE-2022-3747
Nov 14, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Transposh WordPress Translation <= 1.0.8.1 - Cross-Site Request Forgery
8.8
CVE-2021-24912
Jul 22, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SlickQuiz <= 1.3.7.1 - Authenticated SQL Injection
8.8
CVE-2019-12516
Sep 10, 2019
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Transposh WordPress Translation <= 1.0.8.1 - Authorization Bypass
7.5
CVE-2022-2536
Nov 14, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion
7.2
CVE-2023-0291
Feb 15, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Transposh WordPress Translation <= 1.0.8.1 - Remote Code Execution
7.2
CVE-2022-25812
Jul 22, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Transposh WordPress Translation <= 1.0.8.1 - Authenticated (Admin+) SQL Injection via 'tp_editor'
7.2
CVE-2022-25811
Jul 22, 2022
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Transposh WordPress Translation <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting via 'tp_translation'
6.5
CVE-2021-24911
Jul 22, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Transposh WordPress Translation <= 1.0.8.1 - Missing Authorization Checks
6.3
CVE-2022-25810
Jul 22, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Transposh WordPress Translation <= 1.0.7 - Reflected Cross-Site Scripting via tp_tp
6.1
CVE-2021-24910
Jul 22, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
SlickQuiz <= 1.3.7.1 - Stored Cross-Site Scripting
6.1
CVE-2019-12517
Sep 10, 2019
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion
5.4
CVE-2023-0292
Feb 8, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Transposh WordPress Translation <= 1.0.8.1 - Unauthorized Settings Change
5.3
CVE-2022-2461
Jul 18, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Transposh WordPress Translation <= 1.0.8.1 - Sensitive Information Disclosure
5.3
CVE-2022-2462
Jul 18, 2022
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
User Meta – User Profile Builder and User management plugin <= 2.4.3 - Path Traversal
4.3
CVE-2022-0779
May 16, 2022
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Title CVE ID CVSS Vector Date
Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection CVE-2022-3861 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 18, 2022
Becustom <= 1.0.5.2 - Cross-Site Request Forgery CVE-2022-3747 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H November 14, 2022
Transposh WordPress Translation <= 1.0.8.1 - Cross-Site Request Forgery CVE-2021-24912 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H July 22, 2022
SlickQuiz <= 1.3.7.1 - Authenticated SQL Injection CVE-2019-12516 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H September 10, 2019
Transposh WordPress Translation <= 1.0.8.1 - Authorization Bypass CVE-2022-2536 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N November 14, 2022
Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion CVE-2023-0291 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L February 15, 2023
Transposh WordPress Translation <= 1.0.8.1 - Remote Code Execution CVE-2022-25812 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H July 22, 2022
Transposh WordPress Translation <= 1.0.8.1 - Authenticated (Admin+) SQL Injection via 'tp_editor' CVE-2022-25811 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H July 22, 2022
Transposh WordPress Translation <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting via 'tp_translation' CVE-2021-24911 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N July 22, 2022
Transposh WordPress Translation <= 1.0.8.1 - Missing Authorization Checks CVE-2022-25810 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L July 22, 2022
Transposh WordPress Translation <= 1.0.7 - Reflected Cross-Site Scripting via tp_tp CVE-2021-24910 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 22, 2022
SlickQuiz <= 1.3.7.1 - Stored Cross-Site Scripting CVE-2019-12517 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N September 10, 2019
Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion CVE-2023-0292 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L February 8, 2023
Transposh WordPress Translation <= 1.0.8.1 - Unauthorized Settings Change CVE-2022-2461 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N July 18, 2022
Transposh WordPress Translation <= 1.0.8.1 - Sensitive Information Disclosure CVE-2022-2462 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N July 18, 2022
User Meta – User Profile Builder and User management plugin <= 2.4.3 - Path Traversal CVE-2022-0779 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N May 16, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation