RESEARCH
You can find all of my work and research here: https://www.wordfence.com/blog/author/wfchloe/
The following is a list of some of my CVEs (this hasn’t been updated in a while :)).
CVE-2019-19915
Description | |
---|---|
CVSS SCORE: 9.0 (Critical) CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
The “301 Redirects – Easy Redirect Manager” plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.
Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager |
CVE-2019-19979
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
High Severity Vulnerability Patched in WP Maintenance Plugin |
CVE-2019-19982
Description | |
---|---|
CVSS SCORE: 6.4 (Medium) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request.
Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin |
CVE-2019-19984
Description | |
---|---|
CVSS SCORE: 6.3 (Medium) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin |
CVE-2019-19985
Description | |||
---|---|---|---|
CVSS SCORE: 5.8 (Medium) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin |
CVE-2019-19981
Description | |||
---|---|---|---|
CVSS SCORE: 5.4 (Medium) CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin |
CVE-2019-19980
Description | |
---|---|
CVSS SCORE: 4.3 (Medium) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax function to send_test_email.
Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin |
CVE-2020-6167
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Multiple Vulnerabilities Patched in Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin |
CVE-2020-6168
Description | |||
---|---|---|---|
CVSS SCORE: 7.1 (Medium) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Multiple Vulnerabilities Patched in Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin |
CVE-2020-6166
Description | |||
---|---|---|---|
CVSS SCORE: 5.4 (Medium) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Multiple Vulnerabilities Patched in Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin |
CVE-2019-19983
Description | |
---|---|
CVSS SCORE: 4.3 (Medium) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocity_min_files action.
Medium Severity Vulnerability Patched in Fast Velocity Minify Plugin |
CVE-2020-7048
Description | |
---|---|
CVSS SCORE: 9.1 (Critical) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI.
Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin |
CVE-2020-7047
Description | |
---|---|
CVSS SCORE: 8.8 (High) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.
Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin |
CVE-2020-8417
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
High Severity CSRF to RCE Vulnerability Patched in Code Snippets Plugin |
CVE-2020-9043
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability in wpCentral Plugin Leads to Privilege Escalation |
CVE-2020-9392
Description | |||
---|---|---|---|
CVSS SCORE: 7.3 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Multiple Vulnerabilities Patched in Pricing Table by Supsystic Plugin |
CVE-2020-9393
Description | |||
---|---|---|---|
CVSS SCORE: 6.1 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Multiple Vulnerabilities Patched in Pricing Table by Supsystic Plugin |
CVE-2020-9394
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Multiple Vulnerabilities Patched in Pricing Table by Supsystic Plugin |
CVE-2020-12074
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Patched in Import Export WordPress Users |
CVE-2020-12073
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severe Flaws Patched in Responsive Ready Sites Importer Plugin |
CVE-2020-12075
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerabilities Patched in the Data Tables Generator by Supsystic Plugin |
CVE-2020-12076
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerabilities Patched in the Data Tables Generator by Supsystic Plugin |
CVE-2020-13644
Description | |||
---|---|---|---|
CVSS SCORE: 5.4 (Medium) CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Patched in Accordion Plugin |
CVE-2020-13641
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
High Severity Vulnerability Patched in Real-Time Find and Replace Plugin |
CVE-2020-13643
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites |
CVE-2020-13642
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerabilities Patched in Page Builder by SiteOrigin Affects Over 1 Million Sites |
CVE-2020-35947
Description | |||
---|---|---|---|
CVSS SCORE: 7.4 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
High Severity Vulnerabilities in PageLayer Plugin Affect Over 200,000 WordPress Sites |
CVE-2020-35946
Description | |||
---|---|---|---|
CVSS SCORE: 5.4 (Medium) CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2 Million Users Affected by Vulnerability in All in One SEO Pack |
CVE-2020-24186
Description | |||
---|---|---|---|
CVSS SCORE: 10.0 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical Arbitrary File Upload Vulnerability Patched in wpDiscuz Plugin |
CVE-2020-35945
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder |
CVE-2020-35949
Description | |||
---|---|---|---|
CVSS SCORE: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Critical Vulnerabilities Patched in Quiz and Survey Master Plugin |
CVE-2020-35951
Description | |||
---|---|---|---|
CVSS SCORE: 9.9 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
Critical Vulnerabilities Patched in Quiz and Survey Master Plugin |
CVE-2020-35948
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Critical Vulnerabilities Patched in XCloner Backup and Restore Plugin |
CVE-2020-35950
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Critical Vulnerabilities Patched in XCloner Backup and Restore Plugin |
CVE-2020-28650
Description | |||
---|---|---|---|
CVSS SCORE: 6.4 (Medium) CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Exposes Over 4 Million Sites Using WPBakery |
CVE-2020-28649
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
High Severity Vulnerability Patched in Child Theme Creator by Orbisius |
CVE-2020-36155
Description | |||
---|---|---|---|
CVSS SCORE: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Critical Privilege Escalation Vulnerabilities Affect 100K Sites Using Ultimate Member Plugin |
CVE-2020-36157
Description | |||
---|---|---|---|
CVSS SCORE: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Critical Privilege Escalation Vulnerabilities Affect 100K Sites Using Ultimate Member Plugin |
CVE-2020-36156
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Critical Privilege Escalation Vulnerabilities Affect 100K Sites Using Ultimate Member Plugin |
CVE-2021-24158
Description | |||
---|---|---|---|
CVSS SCORE: 9.9 (Critical) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Multiple Vulnerabilities Patched in Orbit Fox by ThemeIsle Plugin |
CVE-2021-24157
Description | |||
---|---|---|---|
CVSS SCORE: 5.4 (Medium) CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Multiple Vulnerabilities Patched in Orbit Fox by ThemeIsle Plugin |
CVE-2021-24159
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Multiple Vulnerabilities Patched in Orbit Fox by ThemeIsle Plugin |
CVE-2021-24160
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Multiple Vulnerabilities Patched in Responsive Menu Plugin |
CVE-2021-24161
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Multiple Vulnerabilities Patched in Responsive Menu Plugin |
CVE-2021-24162
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Multiple Vulnerabilities Patched in Responsive Menu Plugin |
CVE-2021-24163
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
One Million Sites Affected: Four Severe Vulnerabilities Patched in Ninja Forms |
CVE-2021-24164
Description | |||
---|---|---|---|
CVSS SCORE: 4.3 (Medium) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
One Million Sites Affected: Four Severe Vulnerabilities Patched in Ninja Forms |
CVE-2021-24165
Description | |||
---|---|---|---|
CVSS SCORE: 6.1 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
One Million Sites Affected: Four Severe Vulnerabilities Patched in Ninja Forms |
CVE-2021-24166
Description | |||
---|---|---|---|
CVSS SCORE: 5.4 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
One Million Sites Affected: Four Severe Vulnerabilities Patched in Ninja Forms |
CVE-2021-24170
Description | |||
---|---|---|---|
CVSS SCORE: 7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Medium Severity Vulnerability Patched in User Profile Picture Plugin |
CVE-2021-24185
Description | |||
---|---|---|---|
CVSS SCORE: 6.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Several Vulnerabilities Patched in Tutor LMS Plugin |
CVE-2021-24181
Description | |||
---|---|---|---|
CVSS SCORE: 6.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Several Vulnerabilities Patched in Tutor LMS Plugin |
CVE-2021-24182
Description | |||
---|---|---|---|
CVSS SCORE: 6.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Several Vulnerabilities Patched in Tutor LMS Plugin |
CVE-2021-24183
Description | |||
---|---|---|---|
CVSS SCORE: 6.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Several Vulnerabilities Patched in Tutor LMS Plugin |
CVE-2021-24186
Description | |||
---|---|---|---|
CVSS SCORE: 6.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Several Vulnerabilities Patched in Tutor LMS Plugin |
CVE-2021-24184
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Several Vulnerabilities Patched in Tutor LMS Plugin |
CVE-2021-24217
Description | |||
---|---|---|---|
CVSS SCORE: 8.1 (High) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Two Vulnerabilities Patched in Facebook for WordPress Plugin |
CVE-2021-24218
Description | |||
---|---|---|---|
CVSS SCORE: 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:R/UI:N/S:U/C:H/I:H/A:H
Two Vulnerabilities Patched in Facebook for WordPress Plugin |