Le Ngoc Anh

Organization: sun*inc

27
All Time Ranking
148
All Time Discoveries
4
90 Day Published Submissions
20 Nov '24
Last Published Submission
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
November 8, 2024
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
May 21, 2024

Showing 61-80 of 148 Vulnerabilities

Title CVE ID CVSS Vector Date
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection CVE-2024-32098 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 11, 2024
Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection CVE-2024-32087 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 11, 2024
ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Reflected Cross-Site Scripting CVE-2024-31255 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 5, 2024
WebinarPress <= 1.33.9 - Reflected Cross-Site Scripting CVE-2024-31256 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 5, 2024
OAuth Server <= 4.3.3 - Open Redirect CVE-2024-31253 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N April 5, 2024
LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection CVE-2024-31241 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 5, 2024
Media Library Folders <= 8.1.7 - Authenticated (Author+) SQL Injection CVE-2024-30486 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H March 28, 2024
Contact Form to Any API <= 1.1.8 - Authenticated (Subscriber+) SQL Injection CVE-2024-30242 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H March 26, 2024
Bulk NoIndex & NoFollow Toolkit <= 2.01 - Reflected Cross-Site Scripting via tab, order, and orderby CVE-2024-29791 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Conversios.io <= 6.9.1 - Reflected Cross-Site Scripting CVE-2024-29794 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
ReDi Restaurant Reservation <= 24.0128 - Reflected Cross-Site Scripting CVE-2024-29806 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Shipping with Venipak for WooCommerce <= 1.19.5 - Reflected Cross-Site Scripting via 'venipak_labels_link' CVE-2024-29805 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 25, 2024
Advanced Sermons <= 3.2 - Reflected Cross-Site Scripting CVE-2024-27952 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N March 13, 2024
Malware Scanner <= 4.7.2 - Authenticated (Administrator+) SQL Injection CVE-2024-25902 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H February 12, 2024
VK Poster Group <= 2.0.3 - Reflected Cross-Site Scripting via vkp_repost CVE-2024-24932 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N February 9, 2024
MultiVendorX Marketplace <= 4.0.25 - Missing Authorization CVE-2024-24703 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L January 31, 2024
PDF Poster - PDF Embedder Plugin for WordPress <= 2.1.17 - Reflected Cross-Site Scripting CVE-2024-23508 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 24, 2024
ChatBot <= 5.1.0 - Unauthenticated PHP Object Injection CVE-2024-22309 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 19, 2024
BP Profile Search <= 5.5 - Reflected Cross-Site Scripting via BPS_FORM CVE-2024-22293 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N January 17, 2024
Asgaros Forum <= 2.7.2 - Unauthenticated PHP Object Injection in prepare_unread_status CVE-2024-22284 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 16, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation