Le Ngoc Anh

Organization: sun*inc

27
All Time Ranking
148
All Time Discoveries
4
90 Day Published Submissions
20 Nov '24
Last Published Submission
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
November 8, 2024
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
May 21, 2024

Showing 41-60 of 148 Vulnerabilities

Title CVE ID CVSS Vector Date
ParcelPanel <= 4.3.2 - Reflected Cross-Site Scripting CVE-2024-43163 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N August 7, 2024
WooCommerce Report <= 1.4.5 - Reflected Cross-Site Scripting CVE-2024-38683 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 10, 2024
MakeCommerce for WooCommerce <= 3.5.1 - Reflected Cross-Site Scripting CVE-2024-37509 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 4, 2024
Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting CVE-2024-5544 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 1, 2024
PayPlus Payment Gateway <= 6.6.8 - Reflected Cross-Site Scripting CVE-2024-37459 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N July 1, 2024
WP-Lister Lite for Amazon <= 2.6.16 - Reflected Cross-Site Scripting CVE-2024-37261 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 27, 2024
Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Reflected Cross-Site Scripting CVE-2024-37262 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 27, 2024
Auto Coupons for WooCommerce <= 3.0.14 - Reflected Cross-Site Scripting CVE-2024-35733 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 6, 2024
Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.3 - Reflected Cross-Site Scripting CVE-2024-35730 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 6, 2024
Event Tickets with Ticket Scanner <= 2.3.1 - Reflected Cross-Site Scripting CVE-2024-35652 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 3, 2024
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection CVE-2024-5207 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 22, 2024
Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang CVE-2024-3519 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 21, 2024
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting CVE-2024-3547 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N May 9, 2024
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection CVE-2024-34412 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H May 6, 2024
CodeBard's Patron Button and Widgets for Patreon <= 2.2.0 - Reflected Cross-Site Scripting CVE-2024-33928 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 29, 2024
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.3 - Reflected Cross-Site Scripting CVE-2024-32785 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 22, 2024
Seers | GDPR & CCPA Cookie Consent & Compliance <= 8.1.0 - Cross-Site Request Forgery CVE-2024-32789 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 22, 2024
Regenerate post permalink <= 1.0.3 - Cross-Site Request Forgery CVE-2024-33681 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 19, 2024
Freshdesk (official) <= 2.3.6 - Open Redirect CVE-2024-32129 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 12, 2024
Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection CVE-2024-32127 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H April 12, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation