Nguyen Anh Tien

81
All Time Ranking
42
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 1-20 of 42 Vulnerabilities

Title CVE ID CVSS Vector Date
HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Unauthenticated SQL Injection via search terms CVE-2023-40010 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 27, 2023
Leyka <= 3.30.2 - Privilege Escalation via Admin Password Reset CVE-2023-33327 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 22, 2023
Easy Digital Downloads 3.1 - 3.1.1.4.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation CVE-2023-30869 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 2, 2023
Photo Gallery by 10Web <= 1.5.54 - SQL Injection via bwg_search_x Parameter CVE-2021-24139 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H May 15, 2020
Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file CVE-2023-34007 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 7, 2023
Slider by 10Web <= 1.2.35 - SQL Injection CVE-2021-24132 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H September 29, 2020
Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection CVE-2021-24137 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H May 29, 2020
WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress' CVE-2023-41243 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H September 12, 2023
WordPress Email Marketing Plugin – WP Email Capture <= 3.10 - Missing Authorization to Email Capture List Download CVE-2023-28421 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N March 14, 2023
Customizable WordPress Gallery Plugin – Modula Image Gallery <= 2.6.9 - Missing Authorization to Plugin Settings Change CVE-2022-41135 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N October 28, 2022
WP Google Map Plugin <= 4.1.4 - Authenticated SQL Injection via Orderby CVE-2021-24130 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 25, 2020
Anti-Spam by CleanTalk < 5.149 - Authenticated SQL Injection CVE-2021-24131 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H November 20, 2020
AdRotate < 5.8.4 - Authenticated SQL Injection CVE-2021-24138 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H June 3, 2020
BetterLinks <= 1.6.0 - Improper Authorization to Data Import and Export CVE-2023-45104 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N October 18, 2023
IMPress Listings <= 2.6.2 - Missing Authorization CVE-2023-45633 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L October 11, 2023
Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions CVE-2023-23893 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N July 4, 2023
Gutenberg Forms <= 2.2.8.3 - Authenticated(Subscriber+) Sensitive Information Disclosure CVE-2022-45803 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N February 6, 2023
Permalink Manager Lite <= 2.2.20 - Missing Authorization CVE-2022-41781 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L November 1, 2022
Auto Amazon Links <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-52175 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 29, 2023
Testimonial Rotator <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2021-24156 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 19, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation