Marc-Alexandre Montpas

Title	CVE ID	CVSS	Vector	Date
WOOCS – Currency Switcher for WooCommerce Professional Free <= 1.3.7 - Authenticated Local File Inclusion	CVE-2021-24566	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 22, 2021
Patreon WordPress <= 1.6.9 - Cross-Site Request Forgery	CVE-2021-24231	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	March 26, 2021
Slimstat Analytics < 3.9.6 - Unauthenticated Blind SQL Injection		8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N	February 24, 2015
Patreon WordPress <= 1.6.9 - Cross-Site Request Forgery	CVE-2021-24230	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H	March 26, 2021
Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes	CVE-2023-0631	7.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N	February 28, 2023
User Activity Log <= 1.6.4 - Unauthenticated SQL Injection	CVE-2023-3435	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	July 24, 2023
Patreon WordPress < 1.7.0 - Local File Disclosure	CVE-2021-24227	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	March 26, 2021
Duplicate Page <= 3.3 - SQL Injection		7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	March 22, 2019
WordPress Core < 4.7.2 - Arbitrary Page Modification	CVE-2017-1001000	7.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H	January 26, 2017
Page Builder: Pagelayer – Drag and Drop website builder <= 1.7.6 - Missing Authorization to Stored Cross-Site Scripting	CVE-2023-4687	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 25, 2023
bbPress < 2.5.9 - Stored Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	May 3, 2016
Jetpack <= 3.7.1 - Stored Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	October 1, 2015
WP Super Cache < 1.4.3 - Cross Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 7, 2015
WP Statistics < 8.3.1 - Multiple Cross-Site Scripting		7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	November 20, 2014
UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure	CVE-2022-0633	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	February 17, 2022
Page Builder: Pagelayer <= 1.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via Header/Footer	CVE-2023-5087	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	September 25, 2023
Limit Login Attempts <= 1.7.1 - Authenticated(Subscriber+) Stored Cross-Site Scripting	CVE-2023-1861	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 10, 2023
Elementor Website Builder <= 2.7.5 - Stored Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 29, 2020
WordPress Core < 4.7.3 - Authenticated Cross-Site Scripting in Youtube URL Embeds	CVE-2017-6817	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	March 6, 2017
All in One SEO <= 2.1.5 - Cross-Site Scripting		6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	May 31, 2014

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation