Ngô Thiên An (ancorn_)

Organization: VNPT-VCI

16
All Time Ranking
243
All Time Discoveries
0
90 Day Published Submissions
21 Aug '24
Last Published Submission

About

Working for passion

Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 75 Vulnerabilities
Submitted 75 Vulnerabilities
July 31, 2024
Submitted 50 Vulnerabilities
Submitted 50 Vulnerabilities
May 15, 2024
Submitted 25 Vulnerabilities
Submitted 25 Vulnerabilities
April 12, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
March 7, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
February 2, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
December 18, 2023

Showing 1-20 of 243 Vulnerabilities

Title CVE ID CVSS Vector Date
All Bootstrap Blocks <= 1.3.19 - Authenticated (Contributor+) Local File Inclusion CVE-2024-53824 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 2, 2024
Blockspare <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-47363 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 30, 2024
DSGVO All in one for WP <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-43964 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 26, 2024
Delicious Recipes – WordPress Recipe Plugin <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-43935 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 26, 2024
Collapsing Archives <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-43934 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 26, 2024
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings CVE-2024-5583 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 21, 2024
All Bootstrap Blocks <= 1.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-43349 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 16, 2024
Meta Field Block <= 1.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-43278 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 16, 2024
Custom Layouts – Post + Product grids made easy <= 1.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-43305 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 16, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag CVE-2024-4360 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 8, 2024
Blockspare <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-43164 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 7, 2024
Spectra Pro <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block IDs CVE-2024-3827 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N August 1, 2024
SiteOrigin Widgets Bundle <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget CVE-2024-5901 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 30, 2024
vCita Online Booking & Scheduling Calendar <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-35761 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 17, 2024
Caxton – Create Pro page layouts in Gutenberg <= 1.30.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-37948 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 10, 2024
Arkhe Blocks <= 2.22.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-38675 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 10, 2024
Genesis Blocks <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes CVE-2024-3563 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 8, 2024
Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid CVE-2024-3639 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N July 3, 2024
Ultimate Addons for Elementor <= 1.36.31 - Authenticated (Contributor+) Privilege Escalation CVE-2024-37455 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H July 1, 2024
Church Admin <= 4.4.4 - Missing Authorization CVE-2024-37440 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N June 28, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation