Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > thiennv

thiennv

All Time Ranking

184

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Is this you? Register as a researcher today to add more public profile details here!

Showing 121-140 of 184 Vulnerabilities

WP Dummy Content Generator <= 2.3.0 - Missing Authorization

5.3

CVE-2023-37394

Jul 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WCP Contact Form <= 3.1.0 - Missing Authorization via downloadCsv

5.3

CVE-2023-32520

May 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Thumbs Rating <= 5.0.0 - Race Condition

5.3

CVE-2022-45809

Apr 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Owl Carousel <= 0.5.3 - Missing Authorization via save_paramter.php

5.3

CVE-2022-44578

Mar 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

DancePress (TRWA) <= 3.1.11 - Cross-Site Request Forgery

4.7

CVE-2024-53775

Nov 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Custom Post Type Generator <= 2.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

4.4

CVE-2023-33329

May 22, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

6Storage Rentals <= 2.19.1 - Missing Authorization

4.3

CVE-2025-32178

Apr 4, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Easy WP Optimizer <= 1.1.0 - Missing Authorization

4.3

CVE-2025-32147

Apr 4, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Dynamic URL SEO <= 1.0 - Cross-Site Request Forgery

4.3

CVE-2025-23985

Jan 27, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Pretty Url <= 1.5.4 - Cross-Site Request Forgery

4.3

CVE-2025-22563

Jan 7, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tidy Up <= 1.3 - Cross-Site Request Forgery

4.3

CVE-2024-56015

Dec 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Posti Shipping <= 3.10.3 - Cross-Site Request Forgery

4.3

CVE-2024-56005

Dec 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Youtube Video Grid <= 1.9 - Cross-Site Request Forgery

4.3

CVE-2024-54408

Dec 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Bet sport Free <= 1.0.0 - Cross-Site Request Forgery

4.3

CVE-2024-54396

Dec 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Ahmeti Wp Güzel Sözler <= 4.0 - Cross-Site Request Forgery

4.3

CVE-2024-53707

Nov 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Manage User Columns <= 1.0.5 - Cross-Site Request Forgery

4.3

CVE-2024-51686

Nov 1, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vimeography: Vimeo Video Gallery WordPress Plugin <= 2.4.1 - Cross-Site Request Forgery

4.3

CVE-2024-35770

Jun 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

MJ Update History <= 1.0.4 - Missing Authorization

4.3

CVE-2024-35671

Jun 3, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Contact Form 7 Extension For Mailchimp <= 0.5.70 - Cross-Site Request Forgery

4.3

CVE-2024-33677

Apr 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Total Poll Lite <= 4.9.9 - Missing Authorization

4.3

CVE-2024-32821

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP Dummy Content Generator <= 2.3.0 - Missing Authorization	CVE-2023-37394	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	July 5, 2023
WCP Contact Form <= 3.1.0 - Missing Authorization via downloadCsv	CVE-2023-32520	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 10, 2023
Thumbs Rating <= 5.0.0 - Race Condition	CVE-2022-45809	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 28, 2023
Owl Carousel <= 0.5.3 - Missing Authorization via save_paramter.php	CVE-2022-44578	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	March 22, 2023
DancePress (TRWA) <= 3.1.11 - Cross-Site Request Forgery	CVE-2024-53775	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N	November 28, 2024
Custom Post Type Generator <= 2.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings	CVE-2023-33329	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	May 22, 2023
6Storage Rentals <= 2.19.1 - Missing Authorization	CVE-2025-32178	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 4, 2025
Easy WP Optimizer <= 1.1.0 - Missing Authorization	CVE-2025-32147	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 4, 2025
Dynamic URL SEO <= 1.0 - Cross-Site Request Forgery	CVE-2025-23985	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 27, 2025
Pretty Url <= 1.5.4 - Cross-Site Request Forgery	CVE-2025-22563	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 7, 2025
Tidy Up <= 1.3 - Cross-Site Request Forgery	CVE-2024-56015	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 16, 2024
Posti Shipping <= 3.10.3 - Cross-Site Request Forgery	CVE-2024-56005	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 14, 2024
Youtube Video Grid <= 1.9 - Cross-Site Request Forgery	CVE-2024-54408	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 12, 2024
Bet sport Free <= 1.0.0 - Cross-Site Request Forgery	CVE-2024-54396	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 12, 2024
Ahmeti Wp Güzel Sözler <= 4.0 - Cross-Site Request Forgery	CVE-2024-53707	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 22, 2024
Manage User Columns <= 1.0.5 - Cross-Site Request Forgery	CVE-2024-51686	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 1, 2024
Vimeography: Vimeo Video Gallery WordPress Plugin <= 2.4.1 - Cross-Site Request Forgery	CVE-2024-35770	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 18, 2024
MJ Update History <= 1.0.4 - Missing Authorization	CVE-2024-35671	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 3, 2024
Contact Form 7 Extension For Mailchimp <= 0.5.70 - Cross-Site Request Forgery	CVE-2024-33677	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 26, 2024
Total Poll Lite <= 4.9.9 - Missing Authorization	CVE-2024-32821	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 22, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

thiennv

Showing 121-140 of 184 Vulnerabilities

Share this researcher's vulnerability discoveries

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting