🦸 💥 Calling all superheroes and hunters! Introducing the End of Year Holiday Extravaganza and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program

Through December 9th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 Active Installations are in-scope for ALL researchers, all plugins and themes that are hosted in the WordPress.org repository with at least 50 active installs that have been updated in the last 2 years will be in-scope for ALL researchers, the minimum bounty awarded for all in-scope submissions will be $5, and ALL researchers earn automatic bonuses of 5%-180% for valid submissions in software with 1,000 - 4,999,999 active installs, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > thiennv

thiennv

All Time Ranking

132

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Showing 41-60 of 132 Vulnerabilities

Smart Online Order for Clover <= 1.5.4 - Reflected Cross-Site Scripting

6.1

CVE-2023-46312

Oct 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ultimate Taxonomy Manager <= 2.0 - Unauthenticated Cross-Site Scripting

6.1

CVE-2023-45837

Oct 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Proofreading <= 1.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-45772

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Cross-Site Scripting

6.1

CVE-2023-45630

Oct 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Download canvasio3D Light <= 2.5.0 - Reflected Cross-Site Scripting

6.1

CVE-2023-45062

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Click To Tweet <= 2.0.14 - Reflected Cross-Site Scripting

6.1

CVE-2023-41856

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Restrict <= 2.2.4 - Reflected Cross-Site Scripting

6.1

CVE-2023-41861

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Bannerize Pro <= 1.6.9 - Reflected Cross-Site Scripting

6.1

CVE-2023-41663

Sep 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Donations Made Easy – Smart Donations <= 4.0.12 - Unauthenticated Stored Cross-Site Scripting

6.1

CVE-2023-40664

Aug 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ImageRecycle pdf & image compression <= 3.1.11 - Reflected Cross-Site Scripting

6.1

CVE-2023-40196

Aug 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Affiliate Links <= 0.1.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-35097

Jun 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Dynamic QR Code Generator <= 0.0.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-34022

May 31, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1

CVE-2023-34175

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

bbp style pack <= 5.5.5 - Reflected Cross-Site Scripting

6.1

CVE-2023-33997

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Front End Users <= 3.2.24 - Reflected Cross-Site Scripting

6.1

CVE-2023-33322

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Leyka <= 3.30.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-33325

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Jazz Popups <= 1.8.7 - Reflected Cross-Site Scripting via 'wpjazzpopup_switchonoff'

6.1

CVE-2023-32965

May 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Donations Made Easy – Smart Donations <= 4.0.12 - Reflected Cross-Site Scripting

6.1

CVE-2023-32603

May 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

GTmetrix for WordPress <= 0.4.6 - Reflected Cross-Site Scripting via 'report_id' and 'event_id'

6.1

CVE-2023-32503

May 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Albo Pretorio Online <= 4.6.3 - Reflected Cross-Site Scripting

6.1

CVE-2023-32108

May 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Smart Online Order for Clover <= 1.5.4 - Reflected Cross-Site Scripting	CVE-2023-46312	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 22, 2023
Ultimate Taxonomy Manager <= 2.0 - Unauthenticated Cross-Site Scripting	CVE-2023-45837	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 13, 2023
Proofreading <= 1.1 - Reflected Cross-Site Scripting	CVE-2023-45772	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 12, 2023
Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Cross-Site Scripting	CVE-2023-45630	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 11, 2023
Download canvasio3D Light <= 2.5.0 - Reflected Cross-Site Scripting	CVE-2023-45062	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 3, 2023
Click To Tweet <= 2.0.14 - Reflected Cross-Site Scripting	CVE-2023-41856	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 5, 2023
Restrict <= 2.2.4 - Reflected Cross-Site Scripting	CVE-2023-41861	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 5, 2023
WP Bannerize Pro <= 1.6.9 - Reflected Cross-Site Scripting	CVE-2023-41663	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	September 1, 2023
Donations Made Easy – Smart Donations <= 4.0.12 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-40664	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 18, 2023
ImageRecycle pdf & image compression <= 3.1.11 - Reflected Cross-Site Scripting	CVE-2023-40196	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	August 11, 2023
WP Affiliate Links <= 0.1.1 - Reflected Cross-Site Scripting	CVE-2023-35097	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 15, 2023
Dynamic QR Code Generator <= 0.0.5 - Reflected Cross-Site Scripting	CVE-2023-34022	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 31, 2023
Login Configurator <= 2.1 - Reflected Cross-Site Scripting	CVE-2023-34175	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 30, 2023
bbp style pack <= 5.5.5 - Reflected Cross-Site Scripting	CVE-2023-33997	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 30, 2023
Front End Users <= 3.2.24 - Reflected Cross-Site Scripting	CVE-2023-33322	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 22, 2023
Leyka <= 3.30.1 - Reflected Cross-Site Scripting	CVE-2023-33325	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 22, 2023
Jazz Popups <= 1.8.7 - Reflected Cross-Site Scripting via 'wpjazzpopup_switchonoff'	CVE-2023-32965	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 18, 2023
Donations Made Easy – Smart Donations <= 4.0.12 - Reflected Cross-Site Scripting	CVE-2023-32603	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 12, 2023
GTmetrix for WordPress <= 0.4.6 - Reflected Cross-Site Scripting via 'report_id' and 'event_id'	CVE-2023-32503	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 9, 2023
Albo Pretorio Online <= 4.6.3 - Reflected Cross-Site Scripting	CVE-2023-32108	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 3, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation