Wordfence Intelligence   >   Vulnerability Researchers   >   thevietronin

thevietronin

Organization: GalaxyOne

237
All Time Ranking
12
All Time Discoveries
6
90 Day Published Submissions
21 Feb '25
Last Published Submission

3 Achievements

Learn more about Achievements
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
January 31, 2025
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
December 13, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
December 13, 2024
Learn more Learn more about Achievements

12 Vulnerabilities

WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection
4.3
CVE-2024-13873
Feb 21, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download
5.3
CVE-2024-13372
Jan 31, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion
4.3
CVE-2024-13429
Jan 31, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion
4.3
CVE-2024-13425
Jan 31, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion
5.3
CVE-2024-13428
Jan 31, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending
5.3
CVE-2024-13371
Jan 31, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate()
4.9
CVE-2024-11713
Dec 13, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection
7.5
CVE-2024-11711
Dec 13, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection
4.9
CVE-2024-11710
Dec 13, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation
4.8
CVE-2024-11715
Dec 13, 2024
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox()
4.9
CVE-2024-11714
Dec 13, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download
5.3
CVE-2024-11712
Dec 13, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Title CVE ID CVSS Vector Date
WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection CVE-2024-13873 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N February 21, 2025
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download CVE-2024-13372 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N January 31, 2025
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion CVE-2024-13429 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N January 31, 2025
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion CVE-2024-13425 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N January 31, 2025
WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion CVE-2024-13428 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N January 31, 2025
WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending CVE-2024-13371 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N January 31, 2025
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via wpjobportal_deactivate() CVE-2024-11713 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N December 13, 2024
WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection CVE-2024-11711 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N December 13, 2024
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection CVE-2024-11710 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N December 13, 2024
WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation CVE-2024-11715 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N December 13, 2024
WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox() CVE-2024-11714 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N December 13, 2024
WP Job Portal <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download CVE-2024-11712 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N December 13, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.