Wordfence Intelligence   >   Vulnerability Researchers   >   Khang Duong

Khang Duong

188
All Time Ranking
17
All Time Discoveries
1
90 Day Published Submissions
5 Mar '25
Last Published Submission

2 Achievements

Learn more about Achievements
Submitted 1 Vulnerability
Submitted 1 Vulnerability
March 5, 2025
Submitted XSS Vulnerability
Submitted XSS Vulnerability
March 5, 2025
Learn more Learn more about Achievements

17 Vulnerabilities

Float menu <= 6.1.2 - Cross-Site Request Forgery to Settings Update
4.3
CVE-2025-30912
Mar 27, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WPBookit <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
6.1
CVE-2025-26910
Mar 9, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
5.5
CVE-2025-1672
Mar 5, 2025
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Elfsight Yottie Lite <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
5.5
CVE-2025-26561
Feb 13, 2025
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Paytm Payment Donation <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2025-22640
Feb 3, 2025
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
WP Spell Check <= 9.21 - Cross-Site Request Forgery
4.3
CVE-2025-25111
Feb 3, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Print PDF Generator and Publisher <= 1.2.0 - Cross-Site Request Forgery
4.3
CVE-2025-22637
Feb 3, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
ShMapper by Teplitsa <= 1.5.0 - Authenticated (Editor+) Stored Cross-Site Scripting
4.4
CVE-2025-24674
Jan 24, 2025
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Modal Window <= 6.1.4 - Cross-Site Request Forgery to Settings Ipdate
4.3
CVE-2025-24717
Jan 24, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Sticky Buttons <= 4.1.1 - Cross-Site Request Forgery to Settings Update
4.3
CVE-2025-24720
Jan 24, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Side Menu Lite <= 5.3.1 - Cross-Site Request Forgery to Settings Update
4.3
CVE-2025-24724
Jan 24, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Popup Box <= 3.2.4 - Cross-Site Request Forgery
4.3
CVE-2025-24711
Jan 24, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Herd Effects <= 6.2.1 - Cross-Site Request Forgery to Settings Update
4.3
CVE-2025-24716
Jan 24, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Counter Box <= 2.0.5 - Cross-Site Request Forgery
4.3
CVE-2025-24715
Jan 24, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Button Generator – easily Button Builder <= 3.1.1 - Cross-Site Request Forgery
4.3
CVE-2025-24713
Jan 24, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Bubble Menu – circle floating menu <= 4.0.2 - Cross-Site Request Forgery
4.3
CVE-2025-24714
Jan 24, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Email Reminders <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-56292
Jan 3, 2025
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Float menu <= 6.1.2 - Cross-Site Request Forgery to Settings Update CVE-2025-30912 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N March 27, 2025
WPBookit <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2025-26910 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 9, 2025
Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2025-1672 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N March 5, 2025
Elfsight Yottie Lite <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2025-26561 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N February 13, 2025
Paytm Payment Donation <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2025-22640 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N February 3, 2025
WP Spell Check <= 9.21 - Cross-Site Request Forgery CVE-2025-25111 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 3, 2025
Print PDF Generator and Publisher <= 1.2.0 - Cross-Site Request Forgery CVE-2025-22637 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 3, 2025
ShMapper by Teplitsa <= 1.5.0 - Authenticated (Editor+) Stored Cross-Site Scripting CVE-2025-24674 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N January 24, 2025
Modal Window <= 6.1.4 - Cross-Site Request Forgery to Settings Ipdate CVE-2025-24717 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 24, 2025
Sticky Buttons <= 4.1.1 - Cross-Site Request Forgery to Settings Update CVE-2025-24720 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 24, 2025
Side Menu Lite <= 5.3.1 - Cross-Site Request Forgery to Settings Update CVE-2025-24724 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 24, 2025
Popup Box <= 3.2.4 - Cross-Site Request Forgery CVE-2025-24711 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 24, 2025
Herd Effects <= 6.2.1 - Cross-Site Request Forgery to Settings Update CVE-2025-24716 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 24, 2025
Counter Box <= 2.0.5 - Cross-Site Request Forgery CVE-2025-24715 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 24, 2025
Button Generator – easily Button Builder <= 3.1.1 - Cross-Site Request Forgery CVE-2025-24713 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 24, 2025
Bubble Menu – circle floating menu <= 4.0.2 - Cross-Site Request Forgery CVE-2025-24714 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N January 24, 2025
Email Reminders <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2024-56292 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N January 3, 2025

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.