CVE-2025-68873
CVE-2025-68873 is a Reflected XSS in PRIMER by chloédigital (WordPress plugin) affecting PRIMER versions up to 1.0.25. The Wordfence Vulnerability Report lists it as Unpatched; no exploitation details are provided in the connected docs beyond the vulnerability type and affected software.
WordPress Newscrunch theme <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Chloe Chamberland in WordPress Theme Newscrunch versions <= 1.8.4...
WordPress WordPress Announcement & Notification Banner Plugin – Bulletin Plugin <= 3.6.0 is vulnerable to Broken Access Control
Software: WordPress Announcement & Notification Banner Plugin – Bulletin; Type: Plugin; Vulnerable versions: <= 3.6.0; Fixed in: 3.7.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-2066; Patch priority: Medium; CVSS severity: Medium (4.3); PSI...
chloegraftiaux.com Cross Site Scripting vulnerability OBB-3313872
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control
Software: WP Data Access; Type: Plugin; Vulnerable versions: <= 5.3.7; Fixed in: 5.3.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1874; Patch priority: High; CVSS severity: High (7.5); PSID: d34193572ac0; Credits: Chloe Chamberland; Required...
WordPress WCFM Marketplace Plugin <= 3.4.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WCFM Marketplace; Type: Plugin; Vulnerable versions: <= 3.4.12; Fixed in: 3.5.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-4936; Patch priority: Low; CVSS severity: Low (5.4); PSID: 13c6dc4f50f8; Credits: Chloe Chamberland...
CVE-2015-10084
A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of t...
SQL injection
A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of t...
CVE-2015-10084
CVE-2015-10084 affects irontec klear-library chloe. The vulnerability stems from the _prepareWhere function in Controller/Rest/BaseController.php, enabling SQL injection. Versions prior to marla are affected; upgrading to marla addresses the issue. A patch is identified as b25262de52fdaffde2a4434...
PT-2023-10263 · Irontec · Irontec Klear-Library
Name of the Vulnerable Software and Affected Versions: irontec klear-library chloe versions prior to marla Description: A critical issue was found in the prepareWhere function of the Controller/Rest/BaseController.php file, leading to sql injection. Recommendations: For versions prior to marla,...
irontec klear-library chloe SQL injection vulnerability
klear-library is an open-source external library for public sites built on Zend Framework 1, by Irontec. Irontec klear-library chloe has a SQL injection vulnerability; it stems from a problem in the prepareWhere function of the file Controller/Rest/BaseController.php, which leads to SQL injection...
WordPress Download Manager 3.2.50 Arbitrary File Deletion
Description: Authenticated (Contributor+) Arbitrary File Deletion; Affected Plugin: Download Manager; Plugin Slug: download-manager; Plugin Developer: W3 Eden, Inc.; Affected Versions: <= 3.2.50; CVE ID: CVE-2022-2431; CVSS Score: 8.8 (High); CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...
High Severity Vulnerability Patched in Download Manager Plugin
On July 8, 2022 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Download Manager,” a WordPress plugin that is installed on over 100,000 sites. This flaw makes it possible for an authenticated attacker to delete arbitrary...
WordPress SiteGround Security plugin <= 1.2.5 - Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability
Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability discovered by Chloe Chamberland (Wordfence) in WordPress SiteGround Security plugin versions <= 1.2.5. Solution: Update the WordPress SiteGround Security plugin to the latest available version at...
WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability
WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...
WordPress Login/Signup Popup plugin <= 2.2 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update discovered by Chloe Chamberland (Wordfence) in WordPress Login/Signup Popup plugin versions <= 2.2. Solution: Update the WordPress Login/Signup Popup plugin to the latest available version (at least 2.3)...
WordPress WP HTML Mail plugin <= 3.0.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland (Wordfence) in WordPress WP HTML Mail plugin versions <= 3.0.9. Solution: Update the WordPress WP HTML Mail plugin to the latest available version (at least 3.1)...
WordPress Side Cart Woocommerce (Ajax) plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update discovered by Chloe Chamberland in WordPress Side Cart Woocommerce (Ajax) plugin versions <= 2.0. Solution: Update the WordPress Side Cart Woocommerce (Ajax) plugin to the latest available version (at least 2.1)...
WordPress Variation Swatches for WooCommerce plugin <= 2.1.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland (Wordfence) in WordPress Variation Swatches for WooCommerce plugin versions <= 2.1.1. Solution: Update the WordPress Variation Swatches for WooCommerce plugin to the latest available version (at least 2.1.2)...
WordPress Access Demo Importer plugin <= 1.0.6 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Chloe Chamberland (Wordfence) in WordPress Access Demo Importer plugin versions <= 1.0.6. Solution: Update the WordPress Access Demo Importer plugin to the latest available version (at least 1.0.7)...