🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Marc-Alexandre Montpas

Marc-Alexandre Montpas

All Time Ranking

All Time Discoveries

Showing 41-49 of 49 Vulnerabilities

InfiniteWP Client <= 1.3.7 - PHP Object Injection

9.8

CVE ID Unknown

Dec 2, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

InfiniteWP Client <= 1.3.7 - Privilege Escalation

9.8

CVE ID Unknown

Dec 2, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WP Statistics < 8.3.1 - Multiple Cross-Site Scripting

7.2

CVE ID Unknown

Nov 20, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Custom Contact Forms <= 5.1.0.3 - Missing Authorization

9.8

CVE ID Unknown

Sep 17, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WPtouch <= 3.4.2 - Arbitrary File Upload

9.9

CVE ID Unknown

Aug 1, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Disqus Comment System < 2.76 - Remote Code Execution

9.8

CVE ID Unknown

Jun 20, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

All in One SEO <= 2.1.5 - Missing Authorization

6.3

CVE ID Unknown

May 31, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

All in One SEO <= 2.2.4.1 - Privilege Escalation to Arbitrary Post Modification

4.3

CVE ID Unknown

May 31, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

All in One SEO <= 2.1.5 - Cross-Site Scripting

6.4

CVE ID Unknown

May 31, 2014

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Title	CVSS	Vector	Date
InfiniteWP Client <= 1.3.7 - PHP Object Injection	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 2, 2014
InfiniteWP Client <= 1.3.7 - Privilege Escalation	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 2, 2014
WP Statistics < 8.3.1 - Multiple Cross-Site Scripting	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	November 20, 2014
Custom Contact Forms <= 5.1.0.3 - Missing Authorization	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 17, 2014
WPtouch <= 3.4.2 - Arbitrary File Upload	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	August 1, 2014
Disqus Comment System < 2.76 - Remote Code Execution	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 20, 2014
All in One SEO <= 2.1.5 - Missing Authorization	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	May 31, 2014
All in One SEO <= 2.2.4.1 - Privilege Escalation to Arbitrary Post Modification	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	May 31, 2014
All in One SEO <= 2.1.5 - Cross-Site Scripting	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	May 31, 2014

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation