Wordfence Intelligence   >   Vulnerability Researchers   >   Le Ngoc Anh

Le Ngoc Anh

Organization: sun*inc

27
All Time Ranking
148
All Time Discoveries
4
90 Day Published Submissions
20 Nov '24
Last Published Submission

3 Achievements

Learn more about Achievements
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
November 8, 2024
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
May 21, 2024
Learn more Learn more about Achievements

Showing 1-20 of 148 Vulnerabilities

Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection
9.9
CVE-2024-34412
May 6, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection
9.9
CVE-2024-32127
Apr 12, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Media Library Folders <= 8.1.7 - Authenticated (Author+) SQL Injection
9.9
CVE-2024-30486
Mar 28, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Contact Form to Any API <= 1.1.8 - Authenticated (Subscriber+) SQL Injection
9.9
CVE-2024-30242
Mar 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Category Ajax Filter <= 2.8.2 - Unauthenticated Local File Inclusion
9.8
CVE-2024-10871
Nov 8, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ChatBot <= 5.1.0 - Unauthenticated PHP Object Injection
9.8
CVE-2024-22309
Jan 19, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Asgaros Forum <= 2.7.2 - Unauthenticated PHP Object Injection in prepare_unread_status
9.8
CVE-2024-22284
Jan 16, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Email posts to subscribers <= 6.2 - Unauthenticated SQL Injection
9.8
CVE-2022-46818
Apr 19, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ARMember <= 3.4.11 - Unauthenticated SQL Injection
9.8
CVE-2022-46808
Mar 27, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection
9.1
CVE-2024-32087
Apr 11, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection
9.1
CVE-2024-32098
Apr 11, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection
9.1
CVE-2024-31241
Apr 5, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-10898
Nov 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WP Testimonials <= 1.4.3 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-25924
Jan 12, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Page Builder: Live Composer <= 1.5.25 - Authenticated (Author+) PHP Object Injection
8.8
CVE-2023-52206
Jan 3, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2023-36677
Jun 30, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Short URL <= 1.6.4 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2022-46860
Jun 28, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WP Booklet <= 2.1.8 - Authenticated (Subscriber+) Remote Code Execution
8.8
CVE-2023-22677
Jan 13, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
MultiVendorX Marketplace <= 4.0.25 - Missing Authorization
8.6
CVE-2024-24703
Jan 31, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2024-5207
May 22, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection CVE-2024-34412 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H May 6, 2024
Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection CVE-2024-32127 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H April 12, 2024
Media Library Folders <= 8.1.7 - Authenticated (Author+) SQL Injection CVE-2024-30486 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H March 28, 2024
Contact Form to Any API <= 1.1.8 - Authenticated (Subscriber+) SQL Injection CVE-2024-30242 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H March 26, 2024
Category Ajax Filter <= 2.8.2 - Unauthenticated Local File Inclusion CVE-2024-10871 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 8, 2024
ChatBot <= 5.1.0 - Unauthenticated PHP Object Injection CVE-2024-22309 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 19, 2024
Asgaros Forum <= 2.7.2 - Unauthenticated PHP Object Injection in prepare_unread_status CVE-2024-22284 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H January 16, 2024
Email posts to subscribers <= 6.2 - Unauthenticated SQL Injection CVE-2022-46818 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 19, 2023
ARMember <= 3.4.11 - Unauthenticated SQL Injection CVE-2022-46808 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H March 27, 2023
Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection CVE-2024-32087 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 11, 2024
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection CVE-2024-32098 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 11, 2024
LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection CVE-2024-31241 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H April 5, 2024
Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion CVE-2024-10898 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 20, 2024
WP Testimonials <= 1.4.3 - Authenticated (Contributor+) SQL Injection CVE-2024-25924 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 12, 2024
Page Builder: Live Composer <= 1.5.25 - Authenticated (Author+) PHP Object Injection CVE-2023-52206 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 3, 2024
SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection CVE-2023-36677 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 30, 2023
Short URL <= 1.6.4 - Authenticated (Subscriber+) SQL Injection CVE-2022-46860 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 28, 2023
WP Booklet <= 2.1.8 - Authenticated (Subscriber+) Remote Code Execution CVE-2023-22677 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H January 13, 2023
MultiVendorX Marketplace <= 4.0.25 - Missing Authorization CVE-2024-24703 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L January 31, 2024
POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection CVE-2024-5207 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H May 22, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation